Global standards and safeguards providers can’t ignore

Monday, April 23, 2018

In recent years, reimbursement cuts and insurance deductible fluctuations have proven to be incredibly challenging, testing even the most experienced HME providers. Today’s growth-oriented providers realize they simply can’t “do it all” and still maintain focus on the essential functions of a patient-centric business. Providers are searching for ways to gain greater agility so they can better adapt to market conditions while maintaining profitability and gain a competitive advantage. One of the most common solutions for this is outsourcing.

Smarter providers have reaped tremendous benefits from outsourcing the more administrative parts of their business operations, such as intake management, insurance billing, patient billing, cash applications, collections, after hours support, data entry and compliance monitoring. By outsourcing, providers can focus on their core business instead of back-office billing and collection functions. Outsourcing is quickly becoming essential for scalability, cost and staff management, better profitability and a renewed ability to concentrate on patient care activities.

Select the right partner to avoid costly mistakes
Once providers decide to outsource, finding the right vendor becomes the main concern. Finding the right partner can be a challenge, and with new vendors appearing on the scene, providers must be aware of best practices and management.

Providers should look at which vendors have proven experience, and most importantly, have all of the appropriate standards and safeguards in place.

Finding a vendor that has top quality, high security measures in place is crucial. Failure to do so can result in a data breach or HIPAA violation. HIPAA violations can be detrimental to business with a potential loss of credibility and hefty fines. In fact, according to HIPAA Journal, the average HIPAA settlement is $1.1 million, and the loss in brand value averages $500,000. This doesn’t include the cost of the lawsuit or forensics. Once it’s all said and done, the average total cost of a HIPAA breach averages $7.7 million.

Another recent cautionary tale involves a community hospice in Hayden, Idaho. A stolen laptop was assigned to a hospice nurse and contained unencrypted patient health information. Though no evidence surfaced to suggest information was tampered with, an investigation following the report revealed the hospice company did not have necessary security measures in place. They received a $50,000 penalty, and it was the first settlement of its kind for a breach that affected less than 500 people. The Department of Health and Human Services Office for Civil Rights clearly wanted to send a strong message about HIPAA compliance.

Do your homework: Standards and safeguards matter
Choosing the right vendor can be cumbersome, but it’s crucial to do your homework before making a selection. Finding a vendor with appropriate standards and safeguards in place is essential to remain compliant and avoid faulty security systems, data breaches or HIPAA violations.

Here are just a few of the global standards and safeguards requirements that HME providers should look for when selecting a reputable outsourcing vendor: 

  • All audits should be completed by an outside agency to ensure compliance with standards and safeguards. Vendors lacking an adequate audit trail create uncertainty in the integrity of records and open themselves up to legal liability or criminal activity.
  • The vendor should be SOC 2 compliant, or at a minimum, compliant with SSAE-16 rules. SOC 2 is a set of standards related to the security, processing integrity, availability, confidentiality and privacy of data. This standardized criterion plays an important role in internal risk management and prevention of regulatory oversight.
  • Finding a vendor that conducts onsite visits to production facilities is a must.
  • The vendor also needs to have the following basic items included in their standards and safeguards compliance plan:
  • Biometric access controlled production centers;
  • Closed circuit cameras that cover all angles of the production center with a minimum of 90 days of video recording;
  • Physically disabled PCs with no PIN drive access, so no files can be saved on a remote device;
  • No cameras or cell phones on the production floor, and lockers should be provided to each employee to store personal items outside of the production floor;
  • White listing is used to control website access, to ensure employees are only able to access approved sites;
  • No email or instant messaging platform is allowed for any employee; and 
  • All system access is controlled by an administrator in the United States.

Outsourcing can be a highly effective solution to gain a competitive edge. By leveraging the right outsourcing partner, HME providers can better manage change and move toward a more flexible operating environment. Selecting the right vendor requires very careful evaluation. Look for a vendor that demonstrates expertise, provides compliant solutions that drive efficiencies and ensures you have maximum security to avoid costly mistakes.

John Moore is Brightree’s vice president of revenue cycle management. John and his team work to constantly build new processes to address provider and marketplace challenges helping to drive business forward with healthy revenue and cash flow.