Evaluating Regulatory Risks while Outsourcing

It’s quite common for healthcare providers to outsource their billing activities to a medical billing company. Billing and coding for various medical specialties are challenging tasks due to billing guidelines, payer reimbursement policies, updated ICD-10 codes, and accurate use of procedure codes & modifiers.

An orthopedic surgeon recently remarked that he was thinking about outsourcing his billing services to a medical billing company to avoid learning ICD-10 and make ICD-10 ‘the billing company’s problem.’ But hastily outsourcing billing and coding services without careful evaluation can lead to regulatory issues.

Choosing the wrong billing company or outsourcing for the wrong reason can quickly become a nightmare of risk and lost revenue. Performing due diligence before signing the contract can mitigate risk and performance issues before they become acute.

Regulatory risk is the risk that a change in laws or regulations will hurt a business or investment by affecting that business, sector, or market.

Evaluating Regulatory Risks

Most providers and surgeons tend to choose medical billing companies based on low rates without considering the risks. Such medical billing companies can process a claim but are unaware of the regulatory environment. They have no privacy, security, or document destruction policies, and may not even know what a Business Associate Agreement (BAA) is, let alone supply one to the practice.

The requirements for business associates handling billing underwent a major overhaul when the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule took effect on Sept. 23, 2013. All business associates are now required to have rigorous privacy, security, and breach procedures, just as medical practices do.

The BAA with a billing service must contain a security policy, a privacy policy, and a breach notification procedure that is in place and ready in case a breach occurs. The billing company becomes a legal agent for the practice, and the practice may be completely liable for the service’s actions on its behalf.

If the billing company doesn’t destroy accounts receivable reports or paper Explanation of Benefits (EOB/ERA), and these fall into the wrong hands, the practice may still get fined. The billing company’s security policy should cover the details of protecting both digital and paper protected health information (PHI).

A medical billing company should answer questions such as:

  • Who has access to documents that contain PHI, and how are they destroyed and disposed of?
  • Are data transmissions between the practice and the billing company encrypted?
  • How is data stored? Are temporary storage devices such as flash drives protected?
  • How are temporary storage devices destroyed when no longer needed?

You should also inquire about privacy policies and procedures. Who has access to confidential patient data and for what reason? Do employees use computer privacy screens? Do electronic systems log people off after approximately 10 minutes of inactivity?

You should read and scrutinize the BAA carefully and ask specific questions about the security policy for electronic communication. Billing companies like Medical Billers and Coders (MBC) use secure messaging and encrypted access rather than casual email. Secure messaging requires an ID and password and is sent over an encrypted channel.

To Summarize

Before outsourcing medical billing and coding services, orthopedic practices should carefully evaluate regulatory risks. Always make sure that an outsourced billing company provides you with a HIPAA-compliant Business Associate Agreement (BAA). Also, don’t assume that billing service employees are up to date on federal regulations; ask about employee training and coding knowledge.

Medical Billers and Coders (MBC) is a leading medical billing company providing complete revenue cycle solutions. Our HIPAA-compliant day-to-day billing and coding activities ensure that your data remains safe with us and gets destroyed after processing claims.

Our billing services are not only cost-effective but also reliable. To know more about our billing and coding services for various medical specialties, contact us at info@medicalbillersandcoders.com or 888-357-3226.

FAQs

1. Why is it important to evaluate regulatory risks before outsourcing medical billing?

Outsourcing to a non-compliant billing company can lead to privacy breaches, fines, and liability issues for your practice.

2. What is a Business Associate Agreement (BAA), and why is it essential?

A BAA outlines privacy, security, and breach protocols between a billing company and a practice, ensuring compliance with HIPAA regulations.

3. How can I ensure a billing company protects patient data?

Ask about encryption, data storage, destruction policies, and who has access to documents containing PHI.

4. What security measures should a billing company have in place?

They should use encrypted data transmission, secure messaging, protected storage devices, and automatic logout systems for staff.

5. How does MBC ensure HIPAA compliance?

MBC follows strict HIPAA guidelines, uses secure communication channels, and ensures proper data disposal after processing claims.
