The word "outsourcing" has become a dirty word for many physicians that have been burned by medical billing companies that either outsourced their claims to medical billing companies that use neither secure networks nor adhere to HIPAA regulation in order to maximize their profits; or the outsourcing company just turned out to not be reliable and it wound up costing the practice money to utilize their services.

Don't let a bad experience keep you from partnering with a legitimate medical billing company that can not only help you get your reimbursements faster but also realize great profits by maximizing every single medical billing claim that is filed to make sure that all services and procedures are counted by the carrier and reimbursed.

If you've been hesitant about outsourcing your medical billing because you aren't sure it would actually help your practice or you've been burned; do a little research on your own and ask for references. Ask the medical billing company what they will do for you. OMG will not only help you get the best reimbursements on your medical billing, they will also help you manage your practice by keeping your and your staff informed of coming CPT coding changes that will affect your practice as well as helping keep your patient accounts organized and you can log in and see where a patient's account stands for insurance payments versus out of pocket. This is a very efficient way to run your practice and when you have the extra time due to partnering with a competent medical billing partner, you will finally be able to help your practice really grow!

Labels: audit, consulting, denials, hipaa, injections, mastectomy, medical-billing, medical-coding, medical-data, modifier-51, modifiers, nurses, outsourcing, paper-trail, physician-credentialing, security

If you work in the mental health area, you can expect there to be a coming clarification on how HIPAA and FERPA should be interpreted along with a other state and federal privacy laws dealing mostly with situations concerning mental health workers when dealing with patients in conjunction with educations and law enforcement. This change is largely in part to the misinterpretations of privacy laws that were contributed to the Virginia Tech shootings earlier this spring, however it was not attributed to the laws themselves, concluded federal officials in a report to the President.

The report was a compilation of data that was put together by several different agencies including The Department of Health and Human Services, the Department of Education, and the Department of Justice that all made the report after interviewing mental health professionals, educators, and law enforcement officials around the country. In part the report states, “Critical information sharing faces substantial obstacles, education officials, health care providers, law enforcement personnel, and others are not fully informed about when they can share critical information on persons who are likely to be a danger to self or others, and the resulting confusion may chill legitimate information sharing.”

In particular, the report addressed how three bodies of law influenced the actions of people who taught and treated Seung Hui Cho in the months before the shootings: 1) the Health Insurance Portability and Accountability Act (HIPAA), 2) the Family Educational Rights and Privacy Act (Ferpa), and 3) state laws and regs. The report noted that many state laws and regs are restrict information sharing more rigorously than federal laws. Mental health professionals routinely consider these laws when deciding whether to share information in order to protect a patient or those he might harm.

The problem that presented was this : “In some sessions, there were concerns and confusion about the potential liability of teachers, administrators, or institutions that could arise from sharing information, or not sharing information, under privacy laws, as well as laws designed to protect individuals from discrimination on the basis of mental illness.” But it was confusion about the laws, and not the laws themselves, that create the “information silos” that mental health professionals and educators sometimes create, the report argues.

Through this report a solution to help prevent tragic situations such as this was found. The report recommends the development of tools that help providers and educators assess the safety risk and identify instances where protection trumps privacy. Educators, law enforcement officials, and mental health professionals at Virginia Tech could have taken these actions before the shootings without breaking any laws.

Labels: consulting, hipaa, medical-billing, medical-coding

It's a valid concern. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has had a major impact on health care providers who do business electronically as well as many of their health care business partners. Many changes involve complex computer system modifications.

HIPAA compliance requirements have been standardized into 4 main aspects.

1) Electronic transactions and code sets
2) Security;
3) Unique identifiers; and
4) Privacy

One common misunderstanding is that you are required to only report electronically to be HIPAA compliant; however that isn't accurate. HIPAA does not require a health care provider to conduct all transactions and medical billing electronically. Rather, HIPAA dictates that if you are going to conduct any one of these business transactions electronically they will need to be done in the standard secure format outlined under HIPAA. So in a nutshell, you're not required to submit your medical billing claims electronically, however you must be HIPAA compliant if you do.

That's one of the main questions to ask when you're looking for a medical billing partner. First ask if they do electronic billing, then ask if their billing methods are absolutely HIPAA compliant. If you get a long pause or the rep doesn't seem sure exactly what you're asking, keep shopping. Another qualifying question can be to ask about the submissions process from start to finish and, that can be a big clue as to whether the medical billing company has secure transmissions.

Remember, when you're looking for medical billing partner, the best fit for your company may not be located near your practice. If you're using secure data transmissions, it opens the field for you to use any medical billing company you choose, as long as they meet your criteria for HIPAA compliance and other issues such as claims follow up and the handling of denials and rejections, on the rare occasions they will occur once you switch to outsourcing your medical billing.

It's expensive to keep up with the technology required to be HIPAA compliant in your billing and it's also difficult for your staff to keep up with the never ending changes in the CPT. If you are finding your staff is spending more time chasing claims then helping service patients, it may be time to give outsourcing your medical billing a long, serious look.

Labels: consulting, denials, hipaa, medical-billing, medical-coding, outsourcing, security

A question that comes up often is exactly how should a medical practice dispose of the hard copies of files? The answer isn't rocket science, shredding is the only good answer. When you are ready to dispose of hard copies medical files, anything with a patient's name on it should be shredded.

If you don't have the staff available and you don't want to invest in an industrial-sized shredder, a good alternative would be to hire an outside shredding service that will either come to your offices and shred on site; or pick up your files, lock and store them in sealed containers and put them on a closed end truck that is locked. Many of these companies will ask you to sign off on both the containers as well as the truck before they leave to get your documents shredded.

It may seem like taking extra steps but it eliminates the horror stories that you may have heard about such as boxes of patient medical files falling off open pick up truck beds or boxes of files simply left by dumpsters. Many physicians are now requiring that outside services only shred the documents on site.

If you don't already have a shredding policy in your office, make sure to take the time to implement one and make every employee aware of it. You can further protect yourself by having your employees sign off that they understand the shredding policy and put that signed copy in their files.

This is another simple way to protect your practice from a simple mistake an employee could make regarding patient files. The more you educate your employees on good practices for keeping private information secure, the less likely your practice is to become a statistic for a patient privacy violation.

Labels: audit, claims, consulting, hipaa, medical-billing, medical-coding, medical-data, outsourcing, security

If you haven't taken the time to evaluate your data; both the data that you actively send as well as the data at rest. If you don't you could be in violation of the new HIPAA violations. The last security rule made by HIPAA (and while the final ruling does not mandate that you encrypt all of your email transmission)it does require that you examine how all of your data is transferred on an overall scale.

There are two key items that will help you evaluate how your data is transmitted. (1)integrity controls and
(2)encryption.

Integrity control sounds a little confusing, but it really just means proper access controls and login procedures, password restriction and other user authorizations; which are the basics of most companies' e-mail policies. Integrity control is also a policy approach to e-mail security; that is, making sure your staff members know what e-mail procedures are permitted within your organization. It's important to keep in mind that your organization may not need to encrypt e-mail. But it's a good security measure if you do.

A good strategy to adopt would be for provider-to-patient e-mail messaging, encrypt all data. After giving the patient cautionary information about e-mail security, the provider must obtain a signed patient authorization to permit e-mail communications. Keep this in the patient's file and you will have no questions about whether or not the patient authorized e-mail communications in case a problem or question arises in the future.

Here are some good questions to ask yourself when accessing your data transfer security:
#1 How critical is the information being transmitted?

#2 What is the completeness of the information? That is, is this a complete medical record or is this just a snippet of information?

#3 How many individuals might be represented in the information? In other words, information about one person would have a different weight than information about a group of people;

#4 What is the level of the network's security? That's where you start to consider whether it's a local network or the Internet.

If you can not answer all these questions about your data transmission, it is likely that you will need to encrypt to ensure the integrity of your data and stay compliant with HIPAA.

Labels: claims, hipaa, medical-billing, medical-coding, medical-data, outsourcing, security

If you haven't taken the time to evaluate your data; both the data that you actively send as well as the data at rest. If you don't you could be in violation of the new HIPAA violations.

Recently, HIPAA made a final security rule and while the final ruling does not mandate that you encrypt all of your email transmission but it does require that you examine how all of your data is transferred on an overall scale.

There are two key items that will help you evaluate how your data is transmitted. (1)integrity controls and (2)encryption.

Integrity control sounds a little confusing, but it really just means proper access controls and login procedures, password restriction and other user authorizations; which are the basics of most companies' e-mail policies. Integrity control is also a policy approach to e-mail security; that is, making sure your staff members know what e-mail procedures are permitted within your organization. It's important to keep in mind that your organization may not need to encrypt e-mail. But it's a good security measure if you do.

A good strategy to adopt would be for provider-to-patient e-mail messaging, encrypt all data. After giving the patient cautionary information about e-mail security, the provider must obtain a signed patient authorization to permit e-mail communications. Keep this in the patient's file and you will have no questions about whether or not the patient authorized e-mail communications in case a problem or question arises in the future.

Here are some good questions to ask yourself when accessing your data transfer security:#1 How critical is the information being transmitted?

#2 What is the completeness of the information? That is, is this a complete medical record or is this just a snippet of information?

#3 How many individuals might be represented in the information? In other words, information about one person would have a different weight than information about a group of people.

#4 What is the level of the network's security? That's where you start to consider whether it's a local network or the Internet.

If you can not answer all these questions about your data transmission, it is likely that you will need to encrypt to ensure the integrity of your data and stay compliant with HIPAA.

Labels: hipaa, medical-coding, medical-data, security