Medical Billing Forum
HIPAA => HIPAA => : easternbikes540 September 02, 2009, 08:59:26 AM
-
How do you show proof (or do you) for being HIPAA compliant? I know your business has to be HIPAA compliant, so is there a certificate or something that shows that your business is HIPAA compliant so you can show your clients. Not totally sure how this works. Is it just a trust thing?
-
When a practice I worked for was being investigatd by Federal Marshalls, they came in flashed their badges and gave us a subpoena. The first thing they asked for was the practice financial plan and then they asked to see the practice compliance plan. Using those, they went around and started looking. They checked to see if we were doing what we said we would be doing. They opened desk drawers to see what was in them, they sat near the break table to see what they could hear. They looked in trash cans. They looked to see if computers were left unattended and available during breaks and meals. They were with us for 2 weeks. They spent alot of time in my office asking tons of questions and seeing how I did my job as systems manager. When they left, all they said was we did fine. Mainly they wanted to see if we followed our compliance plan and the practice financial plan. This was generated based on a complaint by a Medicare patient who said they never got a refund of their ovepayment.
-
From what I've read, there are no 'HIPAA Police.' They usually only investigate if a complaint is made. The important thing is that you have a compliance plan in place and that you are following it. If a complaint is made they will come in to see what your plan is and if you are following it.
Michele
-
I have been asked my numerous clients and potential clients to see my compliance plans. Your Medical Associations are advising physicians that outsource or are thinking of outsourcing to get a copy of the compliance plan from the third party medical billing company, so it's good to have this IN place ASAP
-
Do you no where I can obtain a compliance plan for my billing company?
-
it is something you design yourself. go to the oig website and look at what they recommend for billing services. that is a good starting point for you.
-
Hi, can you be a little more specific about the oig website. I visited hippacdemy and compliance 360, was very overwhelmed with the amount of material and where to actually head I then looked on the oig site, but didn't see anything specific to billing servies? I am a very small billing sevice, out of my home. I started billing for a clinician 3 years ago out of my home and want to make sure I'm following all the rules....thanks for any suggestions or more information.
Karen
-
The OIG has a "sample" compliance plan for third party billers. You will want to read and review it. It isn't about copying a compliance plan and putting your name on it. You must adhere to the things IN the compliance plan and the plan should be formatted around YOUR company and compliance. Every billing company should have one, the last thing you want to do is not have one when a provider asks to see it. Same goes for policies and procedures, HIPAA BA Agreements. And let's not forget there are now HITECH regs which required Business Associates to amend their BAA's.
-
I agree with Linda, you don't just make one up and then not adhere to it. It has to become LAW in your office. We work with our ee's, BA's and physicians in constantly educating them on HIPPA. Our presentaions are put on monthly and mandatory testing is done yearly. There have been many times in which I visited a BA and no sooner then I walked in their door did I start finding violations. The OIG site will direct you to the Federal Register which is good. hcca.com is a great compliance fourm in which many of my peers help out on many issues and also you can use compliancehome.com as another compliance resource. I have a HIPPA implementation PDF that contains much information in which your seeking but it is to large to send as an attachment here.
-
I Also like Compliance 360. There are some companies that are way over priced IMO and taking advantage of consultants and practices. Really you just need to educate yourself and remember CYA!!
oh.. and remember HITECH now :)
-
When compiling a Compliance Plan, do you outline every step of your billing process?
Sometimes it is different for each client... I have DME, Family Practice, Chiro, and PT offices and each one has a different method for sending me their work, we use different systems, etc.
What process do I need to outline in my compliance plan? just the general stuff?
-
It can't be too general or else that will defeat the purpose, however, we too get info different from each client. We outline what we do once we receive the info more than how we get the info.
Michele
-
You might be confusing policies and procedures with compliance. Your compliance plan will be a general overall road map of what you do to ensure compliance within YOUR business. The steps you will take to protect your clients, yourself, etc.. It is basically your compliance bible.. If you have a question come up about something a client is doing or not doing they should be doing, you refer to your compliance plan to see what appropriate actions should be taken and you implement that protocol.
A policies and procedures is just that.. a full and comprehensive plan of all your policies and procedures I have mine in the same binder with my compliance plan. Each medical practice should have one as well. I require each client to give me a copy of their P&P when they sign with me as well as office policies, financial policies, etc.
-
I strongly agree with both Linda and Michele. My only disagrement is in Linda's statment, do not confuse compliance and P&P's. I say that becuse as a compliance office, I implement alot of P&P's, for my BA's, for my company, for my PMG's and my at home billers, simply from my observations. So, it goes hand in hand. I stand firm in the advice this fourm has given you, but again, implementing a P&P is easy, but do you follow it? Case example, we have at home billers, if that is your occupation, but while I was there reviewing her case load she had a friend knock on her door and she let her in. Now mind you, her comp., was up with and patint information on the screen and needless to say, she had all the pt bills laying around her table. I do not care if you a at home biller our you a PMB, laws apply and adhere all the same
-
I am here for the first time, and hope you guys can help me. If a medical assistant refuses to chart when a patient comes in to get an injection (only), and says the superbill is document enough, can I be liable if I send that claim to an insurance company? (The MG is not even listed on the superbill). I told the doctor if there was no documentation it was like it was not done. To make a long story short, the doctor said the superbill was sufficient. I disagree but wanted your opinion. I may have to find other employment. Help! Ann
-
Do you work for the Dr (in his office)? Or are you a billing service? Just curious. Anyway, the injection should be documented in the patient's chart and I'm surprised (disappointed) that the provider thinks it's ok not to chart it.
I'm curious to see Linda's answer on this.
I think you are in a very unfortunate situation if this is your job. But I also think this cannot be the only area the dr is not following the rules. Since you are very aware that it's not documented, you cannot bill it. A superbill is not a patient's chart. It doesn't contain enough info to be considered documentation.
Michele
-
Thanks Michelle. I have really been struggling with this knowing that I will have to make a decision about my employment. I appreciate your imput on this and WILL NOT send claims if there is no documentation. So far it has been just the medical assisant not charting injections but the doctor is charting adequantly as far as I can see. However, the doctor will not stand behind me in this. I am currently trying to get my coding certification by March and maybe I can then find a coding position. It is very unfortunate that the doctor I work for does not realize I am just trying to help her when I tell her about these issues, instead she thinks I am telling her what to do and told me I was trying to make extra jobs for the MA. Again, thanks for your imput.
-
A superbill is NOT a medical record.
I went to a doctor, he presented a superbill with a level 1 visit circled. His biller changed it to a level 2 visit. Ive submitted 2 certified requests for a copy of the medical record and have been ignored. My next letters wll go to the Office of Civil Rights, OIG, and Department of Health.
Another doctor insists on billing me for cre he didnt provide. My request for a copy of the medical record resulted in getting a superbill. In his phone call, he also insisted that the superbill was sufficient. He's now under investigation for fraud and he may lose his license. He was warned 3 times he never provided what he circled on the superbill. He just sent the account to his collection agency which could result in a lawsuit and federal investigations.
Anything billed must be supported by the documentation in the medical record. Your State medical record law may specify further requirements. Medical Record Rule: If it isnt documented in the chart, it doesnt exist AND you document the chart as if it were evidence in court.
-
I know this is a little late to the party but I would like to post this in response to the original question.
In the large health insurance agencies I've worked for we had to take somthing similiar to this every six months. Same concept but different company. So I would like to continue it for compliance reasons. I plan to use this company.
http://www.hipaaexams.com/index.html
-
I know this question was started in April however, I did find some interesting resource that might help the original person about demonstrating HIPAA compliance for her home based business. Now I have not looked at the actual manual but American Medical Billing Association (AMBA)has a manual for members not sure about non members for $69.00 with sample. Try this URL for a direct link to it www.ambanet.net/compl_manual.htm Not sure if this is what your looking for but maybe it could be of some use in your journey. Thanks, Anna Evans
-
I know this question was started in April however, I did find some interesting resource that might help the original person about demonstrating HIPAA compliance for her home based business. Now I have not looked at the actual manual but American Medical Billing Association (AMBA)has a manual for members not sure about non members for $69.00 with sample. Try this URL for a direct link to it www.ambanet.net/compl_manual.htm Not sure if this is what your looking for but maybe it could be of some use in your journey. Thanks, Anna Evans
Its not sold to non-members, and you can obtain a lot of that same information from the OIG website.
-
Here is MY opinion on samples downloaded on the internet.. They are just A GUIDE. I've seen too many billing companies get burned because they downloaded some simple 3 page contract and thought that was all they needed. NOT true. My contract went from 4 pages to 13.. I will challenge anyone with a contract with less than 5 pages.. I will find a ton of loopholes. ..yes that's a challenge, bring it on. It is why I don't give out samples like that because in my opinion it is IRRESPONSIBLE for anyone to send these through email or put out to download. First of all a compliance manual is UNIQUE to your business, in addition to adhering to federal guidelines, there are state guidelines and there are guidelines you need that are specific to the running of YOUR company. How can you download a sample compliance plan, put in your name and stick it on a shelf? It's ridiculous actually! It's irresponsible, nevermind you just paid for information given to you for free and MEANT for you to modify it.. PLUS you have to adhere to those guidelines. Putting it on paper is the easy part.. ADHERING and following that compliance plan is imperative!! Do you know how many times a biller might ask about a provider who wants to know if he can waive a copay, or do other things.. the first place a biller has to look BEFORE asking this question is the compliance plan of the provider, the policies procedures, the financial policies of the practice they are working for.. YOUR answers are there..that's what they are there for. If your provider doesn't have one.. wow..get on them about it.. get them compliant. 90% of questions I see should never be posted because the answers are within the compliance guides or the policies and procedures. A billing company should have one of each. It's your guideline, it's where you go to find out if your doing something wrong, it's your guideline to figuring out what to do when there is a problem.
DO NOT RELY ON downloaded contracts, samples of compliance plans. Please don't. I'm telling you this to save you a lot of trouble!
-
I'm glad you posted this information PMRNC. Everyone here had really good information on contracts and compliance plans. All things I keep making note of in my very big book of things to do and know. ;D
The poster asked about HIPAA certification which is something ENTIRELY different then contracts and compliance plans. It is certification that you are aware of the HIPAA Law. To the poster, I have gone through HIPAA training over 10 times. I have a link to the a certification class that is basically the same as all the other's I have taken over the years, at companies I have worked for, and hope it is helpful.
Keep the passion flowing everyone ;D
-
HIPAA yes is a separate thing, however HIPAA should be included in the "compliance plan" But again, downloading samples and guides is not enough, My compliance plan is in a large 5'' binder and HIPAA is in there in it's own section, if I were to have downloaded it and set it on my shelf would have been useful. I think you actually LEARN more and BECOME HIPAA compliant by doing your own so that you know what is in there is how it is in your business.
-
We implement P&P's and HIPAA into our overall compliance plan and training even though we include all we still place even emphesis on all sections because each and all are equal. Not only do we train that an effective compliance plan reinforces an employees' sense of right and wrong but also demonstrates a companies commitment to honestly and integerity. I always advise my peers that as with any risk downloading material has its pros and cons and if you decide to alter any material to your advantage make sure to have your legal counsel review and approve before implementing. If looking for compliance guidance I like constantly reviewing the OIG website because in all OIG program guidances, the first of all its elements calls for 'The development and distribution of written standards of conduct and well as written P&P's that promote committment to compliance'. Now with that said and done does this make you compliant? No! Does having a library in ones house make them a scholar? No! You must be able to practivce what you preach, be committed, maintain resources and continue, continue,continue, continue and KEEP continuing your compliance education and training. Remember, the worst thing about not having a compliance program is having a compliance program and not following it.
For compliance education and insite I recommend the book compliance 101 as well as popping in every now and then on the HCCA Compliance fourm
-
I will challenge anyone with a contract with less than 5 pages.. I will find a ton of loopholes. ..yes that's a challenge, bring it on.
My contract is 2 pages and was approved by the NJ Department of Banking and Insurance.....
-
@ Michelle, haha mines is 3!!
-
@ Michelle, haha mines is 3!!
ahhhhh...too long ;)
-
My contract is 2 pages and was approved by the NJ Department of Banking and Insurance....
Yes a copy of your contract is required by the Dept of NJ, however they do NOT review nor can they review them for legalities / contract terms, they are not allowed to. They are there to make sure your business is valid and registered, they do NOT certify. They really only want to see you HAVE a contract.
-
all kidding aside, your contract is very important. i agree one should not use another person's contract as it may not be sufficient for the services they render. I do however disagree on the length of their contract. I read someones contract and it was filled with so much legal jargon it made me sick. when i first joined the forums i heard the same "WARNING WARNING WARNING" on a lot of issues including the contract. There are NO IRON CLAD CONTRACTS, no matter how lengthy or short, contracts get broken every day, and people are in litigation every day. A lawyer will take your case knowing he can't win, just to get your money!!! For those that hate Chiro's as crooked, nothing is more crooked than a LAWYER!!! You can have a basic contract and an attorney can redo that contract in legal terms and its EXACTLY the same contract you had, just "fancied" up. Nobody has a contract without a loop-hole. I have seen issues come up in this forum that may not be included in my contract. I don't have a lengthy one, but I have multiple contracts. My contract may be 3 pages for 1 provider, and then 4 for the next. What my contact covers basically is the technical legal issues. The addendum covers the services I will provide. Some providers will have me do the invoicing while others will not, so its not listed as a job duty I will perform. I would say to anyone who is looking at their contract thinking it is too short and not good enough to remember QUALITY beats Quantity every single time. Having a contract put in legal terms lengthens it, not necessarily strengthens it.
-
They really only want to see you HAVE a contract.
Not true that they just want to see you HAVE a contract.......Mine had to be edited twice before they approved it.
-
Some might call it legal "jargon" or "mumbo jumbo", but it isn't and I guess it depends on the quality of the business you have and your provider/clients. I've had providers go thorough my contract with questions and have always commented on thorough it is. It shows I've taken the time at great lengths to protect my business as well as their practice. That's how I see it. Most of the things I added to my contract over the years were due to learning the hard way. I do still think it's very unprofessional and irresponsible to give out OR download.
-
Mine had to be edited twice before they approved it.
Were they general terms, because a good attorney would have told you that the Dept of insurance is NOT a legal firm nor can they give legal advice. I can see if there were very basic and general things left out or a NJ state specific clause had to be added/revised (there's a few in NJ). Also, I have different contracts for different clients, it's a "legal document" and they can't mandate "ONE" for general use. I can't see how all clients are same, nor services rendered so how can you have one generic blanket contract?
-
and I agree with you on the "download" Linda as far as using a "prototype" contract. I don't agree that people who don't have a lengthy contract don't have one that isn't of substance. I don't agree that because yours is longer that its BETTER. I don't agree that I think less of my business or don't go through what I need to in order to protect it based on the size of my contract. Like I said for newbies, we should let them know the caution of using a blanket contract, or any legal form, however NOBODY can state that if it isn't this long, its has loop holes. I have a very good contract, and its hardly 13 pages long.