history can reveal information you may wish to consider when determining whether to take the provider on as a new client. also, third-party billing companies must recognize that denied claims represent money out of their pockets. If claims are consistently denied for payment by the medicare administrative Contractor (maC), you need to determine why this is happening. In late january, OIg issued its 2014 Work Plan, setting out current and future areas of concern and review by the agency.5 Both billing companies and providers alike should regularly review OIg’s Work Plan to determine if the types of services currently being provided – and billed – have been identified as potentially problematic by OIg. In addition, OIg special Fraud alerts, which outline recent cases publicized by the government as well as private payor lawsuits, can serve as excellent resources when you are researching whether the services provided by a potential client may be problematic from a compliance standpoint. as a result, you should keep abreast of recent enforcement efforts. Third-party billing companies should also determine if there are any contract deficiencies. ask yourself: What do I know about this client? Have they ever been placed on prepayment review, subjected to a postpayment audit, or placed on suspension by medicare or medicaid? Is your current billing agreement drafted to protect your billing company if one of these enforcement actions takes place? again, a client’s past history may be an indicator of their future behavior. Finally, it is important to consider why the provider is changing billing companies in the first place. Has the provider been involved in litigation with previous billing companies? Your thorough exercise of due diligence can be an important step in shielding your company from a potentially problematic provider. COMPLIANCE TIP #5: Review your HIPAA privacy practices. By now, both healthcare providers and billing companies should have a solid understanding of the HIPaa Omnibus rule and its requirements. If not, it is important that you review this new rule immediately. Notably, for third-party billing companies, the rule broadens and clarifies their liability as a business associate, as well as the liability of possible subcontractors (for example, an IT company working for a billing company). If they have not already done so, covered entities must revise their current Business associate agreements (Baas) to fully comply with the new HIPaa Omnibus rule. The HIPaa Omnibus rule effectively includes a “limited grandfather rule” and will allow for any Baa in effect prior to january 25, 2013, to be considered “compliant” by the HHs Office of Civil rights until september 22, 2014. The Baa will then need to be updated. also important is the fact that covered entities can no longer take their obligation to ensure that Baas are in place lightly. With the publication of the HIPaa Omnibus rule, OCr has effectively added these additional mandates to their list of audited requirements. Third-party billing companies, as business associates, have a lot of work before them. They need to assess which organizations they deal with qualify as subcontractors that receive, create, or transfer protected health information (PHI) on behalf of the business associate. Once identified, billing companies must execute Baas with each subcontractor. additionally, business associates and subcontractors are fully responsible for any breach caused by their actions. as always, they may only disclose PHI as permitted by law and in accordance with the provisions set out in their Baas. If a business associate learns of a breach or other noncompliance by a subcontractor, the business associate must immediately take steps to address the breach. It is also required to notify the affected covered entities of the breach. Business associates can be investigated by OCr for a breach and are liable for civil monetary penalties that might follow from the breach. Further, covered entities should not assume that these changes under the Omnibus rule somehow “lighten” or “reduce” their potential level of culpability. It is, in fact, more important than ever that covered entities conduct proper due diligence by reviewing their business associates and any subcontractors who have access to PHI. ultimately, all parties – covered entities, business associates, and subcontractors – need to understand the new breach notification requirements set out in the HIPaa Omnibus rule. It is also important for every covered entity, business associate, and subcontractor to review the HIPaa Omnibus rule’s requirements and privacy practices. Failure to abide by these provisions can lead to significant penalties. COMPLIANCE TIP #6: Encourage your providers to read their private payor contracts. Third-party billing companies must ensure that providers thoroughly review their private payor contracts before entering into agreements. The provider may expect you, as the billing company, to read these agreements as well. Providers need to keep in mind that a waiver of copayments and deductibles is not merely a government payor concern. This practice likely violates a provider’s contract with a private payor as well. In addition to representing THe jOurNal OF THe HealTHCare BIllINg aND maNagemeNT assOCIaTION 27
Billing_MJ14
To see the actual publication please follow the link above