Your organization’s annual HIPAA Security Risk Assessment and Analysis are only one element of the compliance process, and whether you’re a Business Associate or Covered Entity, your organization must also “implement security updates as necessary and correct identified security deficiencies”. In other words, you must act via a Corrective Action Plan (CAP) following the required risk assessment process.
Here are a few common Corrective Action Plan steps:
• Implement technical policies and procedures to allow access only to those persons or software programs that have been granted access rights to information systems maintained.
• Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
• Conduct accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.
• Develop a complete inventory of all categories of electronic equipment, data systems, and applications that contain or store ePHI, incorporate that inventory into the Risk Analysis, and complete a Risk Management plan.
What happens if I fail to complete my Security Risk Assessment?
Failing to complete your annual Risk Assessment oftentimes means the organization will be required to complete a “robust” Corrective Action Plan (CAP) and often with at least two years of monitoring activity.
Have you ever doubted whether a small billing company or independent physician practice actually ever faces penalties?
Well, keep in mind, a Business Associate is a ‘person’ or ‘entity’. This means that there is no billing company too small to have to comply with the Federal HIPAA regulations. Again, if you have not completed an accurate and thorough security risk assessment prior to that, you could also be penalized under ‘willful neglect’. This category alone is $50,000 per violation!
It is important for you to understand that every complaint or potential breach must be investigated by HHS/OCR. If you, a billing company, or another vendor suspects a breach, you must inform the covered entity (your client) and have a breach risk assessment completed to determine key factors and take action.
An EZClaim partner, Live Compliance, will help you to make checking off your compliance requirements extremely simple. They provide:
• Completely online, our role-based courses make training easy for remote or in-office employees.
• Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities.
• Complete set of HIPAA Policies and procedures built directly into your portal. Includes actionability, change management documentation, and Incident Response Policy to assist with your Corrective Action Planning. Easily share policies with staff with one click.
• Built directly into your portal, easily monitor where your workforce may be vulnerable with our Dark Web Breach Searches. Easily expose breach sources with ongoing searching of active employee email or domain ensuring continued awareness of potential breach exposure. Weekly automatic email notifications if new breaches are discovered.
• Short, informative, privacy awareness videos covering technical, administrative, and physical safeguards with topics such as ransomware, phishing, the Dark Web, password protection, and more. All delivered monthly with no logins required, they empower your workforce to make conscious decisions when it comes to your organization’s privacy and security.
So, don’t risk your company’s future, especially when Live Compliance is offering a FREE Organization Assessment to help determine your company’s status. For more information, visit their website, e-mail them, or give them a call at 980.999.1585.
ABOUT EZCLAIM: EZClaim is a medical billing and scheduling software company that provides a best-in-class product, with correspondingly exceptional service and support. Combined, they help improve medical billing revenues. To learn more, visit EZClaim’s website, e-mail them, or call them today at 877.650.0904.
[ Contribution by Jim Johnson with Live Compliance ]
It IS POSSIBLE to improve medical billing revenues, and here are a few ways to do just that.
Healthcare practitioners, whether established or just starting out, have many overwhelming tasks: managing a practice; seeing patients; working to stay up-to-date on administrative tasks; handling the whole host of compliance requirements at the federal, state, and local level; and overseeing the billing.
One of these that can lead to loss of revenue is not properly managing the medical billing, which can also lead to HIPAA fines and rejected claims. However, there is a solution: a medical billing system that balances the budget and optimizes the revenues of a medical practice.
EZClaim, an expert in the medical billing software market since 1997, provides a solution that improves the efficiency of an office’s billing process in many ways. The following are the primary reasons.
Reduce Coding Errors
Medical procedures become codes, codes become claims, and claims become revenue. Any error in this process can cause claims to be denied, increase your workload, and lose revenue. To help avoid errors, it is essential to use billing software that offers the easiest implementation and access to descriptive diagnosis and treatment codes. EZClaim’s medical billing solution offers ease-of-use in coding, billing, and strong partnerships with Clearinghouses which act as an additional ‘safety net’ for catching errors.
Administrative Support
Most medical practices are a small team of people tackling a wide range of tasks, so when someone does not understand how the billing software functions, access to reliable support is very important. EZClaim prides itself on having dedicated support experts available, and that was how the company was established. Founder and President Al Nagy has said, since day one, “We are a support company that happens to sell medical billing software.”
Maintain Industry Compliance
It is important to recognize that industry compliance and a practice’s revenue go hand-in-hand. Filing and batching inaccurate and non-HIPAA compliant claims can often be traced back to an outdated healthcare revenue management system. Conquering these tasks requires a focus on multiple fronts: a properly trained billing team, clear office procedures, patient payment policies, and a reliable medical billing company. These are all ways to help buttress against non-compliance and rejected claims.
Streamline Workflow
A recent study showed that almost 80% of medical bills contain errors. These incorrect medical claims often end up as lost revenue to begin with, not to mention the additional cost of resubmissions and collections. One of the best ways to resolve this problem for your practice is to make use of both well-trained, experienced billers and coders, combined with a competent medical billing solution that aids in catching these errors. EZClaim software features a library of standard validation, the ability to add custom validation, and integrates with Alpha II for full claim scrubbing.
Follow up
Errors will and do occur, so establishing a system for follow-up on all denials will close the loop and protect against lost revenue. Being consistent with the follow-up process, and having a medical billing solution that tracks these things, will help close that gap.
Collections
Finally, probably the most important aspect that optimizes a practice’s revenue is to get paid. Portals and payment collection systems definitely help with this, but having collections integrated into the medical billing system is, of course, the best. EZClaim has pain-free payment processing integrated into their solution, called EZClaimPay. It solves all the problems associated with payment processing: bank deposits, reconciliation, statements, changing fees, and ‘finger-pointing’ when there is a problem. EZClaimPay’s robust platform will greatly increase a practice’s collections success, and improve their revenue.
ABOUT EZCLAIM: EZClaim is a medical billing and scheduling software company that provides a best-in-class product, with correspondingly exceptional service and support, and can help improve medical billing revenues. To learn more, visit their website, e-mail them at firstname.lastname@example.org, or call a representative today at 877.650.0904.
Whether you and your workforce are back in the office, or still working from home, there are new compliance regulations, and your HIPAA Compliance program may be a bit different.
Reliable and Effective Compliance
• Completely online, our role-based courses make training easy for remote or in-office employees.
• Contact-free and accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location.
• Policies and Procedures curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in or out of the office and updated in real-time.
• Electronic, prepared document sending and signing to employees and business associates.
Home care employers are confronting difficult questions regarding how to handle labor and management relations, leave and accommodation, safety and health, and other employment issues.
Littler, a law firm that focuses on labor and employment law, has produced an extensive home care industry FAQ document (41 pages) called “Home Care Industry Coronavirus (COVID-19) Employer Frequently Asked Questions.” It provides general advice to help address some of the more common questions that home care employers currently face due to the COVID-19 pandemic.
• Client/Patient Privacy/HIPAA
• CARES Act (Including PPP)
• ADA Considerations
• Leaves of Absence
• Wage & Hour
• WARN Act
• Workers’ Compensation
• Health and Safety
• Labor/Management Relations
• Employee Relations
Littler also has a specific page on their website that provides a useful resource for employers to learn how COVID-19 is affecting various aspects of employment law, and how different jurisdictions are addressing the outbreak. Because the COVID-19 situation is dynamic, with new governmental measures each day, Littler suggests that employers consult with counsel for the latest developments and updated guidance on this topic. Click here to view their resource page.
This information was sent to us by one of EZClaim’s premier partners, AxisCare, who provides a home care system designed with the workflow of a private duty agency in mind. AxisCare provides a scheduling software solution that features a GPS mobile app, automatic invoicing, billing and payroll integrations, custom forms, custom reporting, and more. For more details about their all-in-one home care software solution, view their website.
Since developments related to the COVID-19 pandemic are evolving on a daily basis, EZClaim is continuing to discover resources that will assist its clients in understanding these developments. As always, we are here to support your medical billing needs and hope you are safe and well in this challenging time.
For general information about EZClaim, or details about the features of our medical billing software, visit our website.
Compliance Plan Breakout – Written by Stephanie Cremeans of EZClaim
Any provider that is treating Medicare or Medicaid patients is required to have a compliance plan for their practice. This is mandated under the Patient Protection and Affordable Care Act of 2010.
The Office of Inspector General (OIG) has established an outline of seven components to help small or individual provider offices get started. They also understand that small practices don’t typically have extensive resources for creating and establishing a plan, and encourage practices to start with one item, making the compliance plan a working document that is updated and added to as necessary. The seven components are as follows:
• Conduct internal monitoring and auditing
• Implement compliance and practice standards
• Designate a compliance officer or contact
• Conduct appropriate training and education
• Respond appropriately to detected offenses and develop corrective action
• Develop open lines of communication with employees
• Enforce disciplinary standards through well-publicized guidelines
Let’s dig in a bit to the first component, conducting internal monitoring and auditing. Starting with this step will help a practice lay the groundwork of its compliance plan and shed light on areas that need additional work. There is no set number of records that are required to be audited, rather a suggestion of 5 (or more) per provider annually for a small or solo practice. You can start your compliance plan by simply documenting that no less than 5 charts per provider will be audited annually. Keep track of the results and use them to start implementing other components. For instance, you have the audit results, but what is considered passing? What are you going to do if a provider isn’t compliant? Document the answers and you are building your plan. Did the audit show specific areas for improvement? Find applicable training or host training for those that need it, and document it in your plan. Did you find overpayments? Document how these are to be handled, resolve them quickly, and put policies in place to prevent a bigger problem.
By taking steps to create a compliance plan and show a good-faith effort to improve on risk areas, your practice will reap the benefits of clean claims with a reduction in denials, fewer billing errors, and the assurance that your records are ready for an audit. This will also reduce your risk exposure to fines.
For help getting started with that first audit, setting benchmarks and improvement plans, or for education on problem areas, contact RCM Insight. For additional assistance with building your HIPAA compliance plans, contact Live Compliance.
If you are enjoying the informative content we’re providing and have a specific topic you would like to see covered, we would love to hear from you! Please feel free to send along your ideas via email to email@example.com.