This
blog contains information regarding Medical
billing outsourcing news, HIPAA news,
recent information and changes to
the medical billing & medical
coding industry, as well as the thoughts
of our authors.
The word "outsourcing" has become a dirty word for many physicians that have been burned by medical billing companies that either outsourced their claims to medical billing companies that use neither secure networks nor adhere to HIPAA regulation in order to maximize their profits; or the outsourcing company just turned out to not be reliable and it wound up costing the practice money to utilize their services.
Don't let a bad experience keep you from partnering with a legitimate medical billing company that can not only help you get your reimbursements faster but also realize great profits by maximizing every single medical billing claim that is filed to make sure that all services and procedures are counted by the carrier and reimbursed.
If you've been hesitant about outsourcing your medical billing because you aren't sure it would actually help your practice or you've been burned; do a little research on your own and ask for references. Ask the medical billing company what they will do for you. OMG will not only help you get the best reimbursements on your medical billing, they will also help you manage your practice by keeping your and your staff informed of coming CPT coding changes that will affect your practice as well as helping keep your patient accounts organized and you can log in and see where a patient's account stands for insurance payments versus out of pocket. This is a very efficient way to run your practice and when you have the extra time due to partnering with a competent medical billing partner, you will finally be able to help your practice really grow!
It's a valid concern. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has had a major impact on health care providers who do business electronically as well as many of their health care business partners. Many changes involve complex computer system modifications.
HIPAA compliance requirements have been standardized into 4 main aspects.
1) Electronic transactions and code sets 2) Security; 3) Unique identifiers; and 4) Privacy
One common misunderstanding is that you are required to only report electronically to be HIPAA compliant; however that isn't accurate. HIPAA does not require a health care provider to conduct all transactions and medical billing electronically. Rather, HIPAA dictates that if you are going to conduct any one of these business transactions electronically they will need to be done in the standard secure format outlined under HIPAA. So in a nutshell, you're not required to submit your medical billing claims electronically, however you must be HIPAA compliant if you do.
That's one of the main questions to ask when you're looking for a medical billing partner. First ask if they do electronic billing, then ask if their billing methods are absolutely HIPAA compliant. If you get a long pause or the rep doesn't seem sure exactly what you're asking, keep shopping. Another qualifying question can be to ask about the submissions process from start to finish and, that can be a big clue as to whether the medical billing company has secure transmissions.
Remember, when you're looking for medical billing partner, the best fit for your company may not be located near your practice. If you're using secure data transmissions, it opens the field for you to use any medical billing company you choose, as long as they meet your criteria for HIPAA compliance and other issues such as claims follow up and the handling of denials and rejections, on the rare occasions they will occur once you switch to outsourcing your medical billing.
It's expensive to keep up with the technology required to be HIPAA compliant in your billing and it's also difficult for your staff to keep up with the never ending changes in the CPT. If you are finding your staff is spending more time chasing claims then helping service patients, it may be time to give outsourcing your medical billing a long, serious look.
A question that comes up often is exactly how should a medical practice dispose of the hard copies of files? The answer isn't rocket science, shredding is the only good answer. When you are ready to dispose of hard copies medical files, anything with a patient's name on it should be shredded.
If you don't have the staff available and you don't want to invest in an industrial-sized shredder, a good alternative would be to hire an outside shredding service that will either come to your offices and shred on site; or pick up your files, lock and store them in sealed containers and put them on a closed end truck that is locked. Many of these companies will ask you to sign off on both the containers as well as the truck before they leave to get your documents shredded.
It may seem like taking extra steps but it eliminates the horror stories that you may have heard about such as boxes of patient medical files falling off open pick up truck beds or boxes of files simply left by dumpsters. Many physicians are now requiring that outside services only shred the documents on site.
If you don't already have a shredding policy in your office, make sure to take the time to implement one and make every employee aware of it. You can further protect yourself by having your employees sign off that they understand the shredding policy and put that signed copy in their files.
This is another simple way to protect your practice from a simple mistake an employee could make regarding patient files. The more you educate your employees on good practices for keeping private information secure, the less likely your practice is to become a statistic for a patient privacy violation.
If you haven't taken the time to evaluate your data; both the data that you actively send as well as the data at rest. If you don't you could be in violation of the new HIPAA violations. The last security rule made by HIPAA (and while the final ruling does not mandate that you encrypt all of your email transmission)it does require that you examine how all of your data is transferred on an overall scale.
There are two key items that will help you evaluate how your data is transmitted. (1)integrity controls and (2)encryption.
Integrity control sounds a little confusing, but it really just means proper access controls and login procedures, password restriction and other user authorizations; which are the basics of most companies' e-mail policies. Integrity control is also a policy approach to e-mail security; that is, making sure your staff members know what e-mail procedures are permitted within your organization. It's important to keep in mind that your organization may not need to encrypt e-mail. But it's a good security measure if you do.
A good strategy to adopt would be for provider-to-patient e-mail messaging, encrypt all data. After giving the patient cautionary information about e-mail security, the provider must obtain a signed patient authorization to permit e-mail communications. Keep this in the patient's file and you will have no questions about whether or not the patient authorized e-mail communications in case a problem or question arises in the future.
Here are some good questions to ask yourself when accessing your data transfer security: #1 How critical is the information being transmitted?
#2 What is the completeness of the information? That is, is this a complete medical record or is this just a snippet of information?
#3 How many individuals might be represented in the information? In other words, information about one person would have a different weight than information about a group of people;
#4 What is the level of the network's security? That's where you start to consider whether it's a local network or the Internet.
If you can not answer all these questions about your data transmission, it is likely that you will need to encrypt to ensure the integrity of your data and stay compliant with HIPAA.
Patient history, or PHI is an aspect of medical billing that has a myth attached. Contrary to popular belief, it is safe practice to allow any permanent office member to take the review of systems and the family social history.
These two evaluation and management history elements can actually be taken by absolutely anyone that is employed by the practice. It is ok in medical billing for even a parent or a secretary to take down this information as long as the information is reviewed and signed off on by the acting pediatrician.
The only part of an evaluation and management visit that the physician or nurse practitioner must complete for medical billing purposes is the history of present illness or the reason for the visit. By allowing your administrative staff to complete some of the patient documentation, a practice can save time and money as it frees up the pediatricians and nurse practitioners to have more time for the actual servicing of the patients.
Another great way to save your practice time and money is to outsource your medical billing. Your medical billing partner will make sure your pediatric practice gets the maximum return and if you're not using a medical billing company, you could be losing almost 30% of your medical billing revenue by simply not knowing how to get the maximum reimbursements that your practice is allowed for services rendered and general errors that occur when practices file their own claims.
If you're wondering how your medical billing gets to the outsourcing company, the answer is carefully and securely. The patients are seen as usual in your office, your staff creates the records for billing just as they always did. If you are still using paper files your claims will need to be scanned and hand entered into the medical billing system, if you transmit electronically your staff will need to only access the program and transmit the chosen claims to be processed by the medical billing company.
The data will transmitted to the medical billing company who will code and double check your medical billing claims to insure they are error free and then transmit them either directly to the carrier or to a clearinghouse. A clearinghouse is just a another check and balance in the system of medical billing. Your claims are formatted in a standard way so they can be transmitted to the various carriers. Once received, the carriers will normally send back a verification of receipt for the electronic claim filing, and then you can begin the countdown until your medical billing claim is reimbursed and you have a check in your office. Normal time until reimbursement is about 2 weeks and in some cases even less.
The simple act of outsourcing your medical billing claims will free up your staff to do so much more within your practice. If they are free from entering, checking and double checking and following up on claims, they can do what they do best - service your patients and help you practice grow and thrive. If there are problems or issues with a particular medical billing claim, your medical billing partner will handle any denials or partial payments.
The protection of medical billing personal health information is a priority. Criminals are constantly trying to access the information, while health care professionals try desperately to protect it. Computers and electronics may be a medical billing time saver, but when it comes to security, some practices fall a little short. There are many examples of good practices. A good example is found at The Rehabilitation Institute of Chicago. This facility has recently solved this electronic medical billing security problem with an innovative new system.
PostX is the program of choice at the Rehabilitation Institute of Chicago. This is a messaging system that was developed for seamless integration and extremely secure medical billing transmissions. It was designed to be able to pass secure medical billing information between the rehabilitation facility and the hospital. It can do all this, while still upholding personal health information confidentiality.
Many times it is necessary to transfer medical billing PHI between medical providers. If this is the case, an secure electronic system is in order. This includes software programs as well as email. The PostX system allows this sensitive medical billing information to be passed back and forth through encrypted messages. The system can automatically detect if information needs to be encrypted or not.
Another great feature of the new secure email system is that medical billing information can be viewed on any computer in your facility. Special software is not required. Not only is the medical billing information secure, but it is hassle free for an authorized person to access.
Make sure your patient records and medical billing are secure at all times. Whether you do your own medical billing or your outsource, as about security measures that are taken to protect confidentiality.
If you haven't taken the time to evaluate your data; both the data that you actively send as well as the data at rest. If you don't you could be in violation of the new HIPAA violations.
Recently, HIPAA made a final security rule and while the final ruling does not mandate that you encrypt all of your email transmission but it does require that you examine how all of your data is transferred on an overall scale.
There are two key items that will help you evaluate how your data is transmitted. (1)integrity controls and (2)encryption.
Integrity control sounds a little confusing, but it really just means proper access controls and login procedures, password restriction and other user authorizations; which are the basics of most companies' e-mail policies. Integrity control is also a policy approach to e-mail security; that is, making sure your staff members know what e-mail procedures are permitted within your organization. It's important to keep in mind that your organization may not need to encrypt e-mail. But it's a good security measure if you do.
A good strategy to adopt would be for provider-to-patient e-mail messaging, encrypt all data. After giving the patient cautionary information about e-mail security, the provider must obtain a signed patient authorization to permit e-mail communications. Keep this in the patient's file and you will have no questions about whether or not the patient authorized e-mail communications in case a problem or question arises in the future.
Here are some good questions to ask yourself when accessing your data transfer security:#1 How critical is the information being transmitted?
#2 What is the completeness of the information? That is, is this a complete medical record or is this just a snippet of information?
#3 How many individuals might be represented in the information? In other words, information about one person would have a different weight than information about a group of people.
#4 What is the level of the network's security? That's where you start to consider whether it's a local network or the Internet.
If you can not answer all these questions about your data transmission, it is likely that you will need to encrypt to ensure the integrity of your data and stay compliant with HIPAA.
Outsourcing a Dirty Word toYou?
