HIPAA Compliance Tips
Privacy matter is critical to all healthcare providers, much especially for midwives. Our patient entrusts their lives to us that is why trust becomes a huge part of patient- midwife relationship that should not be neglected. Ensuring that all patient data are properly collected and well protected is our huge responsibility. It comes with patient confidentiality that is important for both patients and midwives, and it preserves the integrity of the midwifery community.
The U.S. healthcare system has never had a shortage of problems – it has always dealt with several issues simultaneously. The exorbitant prices, the lack of price transparency, medical identity theft cases, lack of patient identification in hospitals, preventable medical errors, and archaic laws are just some issues that plague healthcare. Healthcare data breaches have unfortunately been growing at an exponential rate. With no signs of them stopping anytime soon, it becomes crucial that healthcare providers, `professionals, and everyone involved with patient information be vigilant regarding protecting the data.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. This is as important to the healthcare industry now more than ever — if not more. Hospitals, insurance companies and healthcare providers all need to ensure HIPAA compliance to safeguard private and sensitive patient data.
HIPAA introduced a number of important benefits for the healthcare industry to help with the transition from paper records to electronic copies of health information. HIPAA has helped to streamline administrative healthcare functions, improve efficiency in the healthcare industry, and ensure protected health information is shared securely.
The HIPAA legislation had four primary objectives:
The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule. These individuals and organizations are called “covered entities.” The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used. A major goal of the Privacy Rule is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing.
Your practice, not your electronic health record (EHR) vendor, is responsible for taking the steps needed to comply with HIPAA privacy, security standards, and the Centers for Medicare & Medicaid Services’ (CMS’) Meaningful Use requirements. Read up on laws governing the privacy and security of health information. You must comply with all applicable federal, state, and local laws.
Below are the steps how you and your practice become HIPAA compliant
1. Create Privacy and Security Policies for the PracticeBecoming HIPAA compliant requires more than simply following HIPAA Security and Privacy Rules. Covered entities and business associates must also prove that they’ve been proactive about preventing HIPAA violations by creating privacy and security policies. These policies must be documented, communicated to staff, and regularly updated. Staff must be trained on HIPAA policies during orientation and at least once a year, and they must attest (in writing) that they understand all HIPAA policies and procedures.
Healthcare organizations are also required to create and distribute a Notice of Privacy Practices (NPP) form for patients to review and sign. The NPP should outline the covered entity’s privacy policies, including how PHI is handled, and notify patients of their right to access copies of their medical records.
2. Name a HIPAA Privacy Officer and Security Officer
HIPAA legislation is complicated and ever-changing, so every healthcare organization needs its own internal HIPAA experts. The HIPAA Security Rule requires covered entities to designate a Privacy Compliance Officer to oversee the development of privacy policies, ensure those policies are implemented and update them annually. HHS suggests that larger organizations also form a Privacy Oversight Committee to help guide policy creation and manage oversight. The Privacy Officer and Oversight Committee members must undergo regular training to stay abreast of changes to HIPAA regulation. The HIPAA Privacy Officer is also responsible for maintaining NPPs, managing and updating BAAs, scheduling training sessions and self-audits, and otherwise ensuring that the organization is compliant with the HIPAA Privacy Rule.
Covered entities are also required to have a HIPAA Security Officer to ensure there are policies and procedures in place to prevent, detect, and respond to ePHI data breaches. The Security Officer establishes safeguards required by the Security Rule and conducts risk assessments to gauge their effectiveness.
3. Implement Security Safeguards
The Security Rule requires three types of safeguards that covered entities and business associates must have in place to secure ePHI — including:
4. Regularly Conduct Risk Assessments and Self-Audits
Becoming HIPAA compliant is not a one-and-done process. HHS requires covered entities and business associates to conduct regular (at least annual) audits of all administrative, technical, and physical safeguards to identify compliance gaps. Organizations must then create written remediation plans that clearly explain how they plan to reverse HIPAA violations and when this will happen.
5. Maintain Business Associate Agreements
Before sharing PHI with business associates, covered entities must obtain “satisfactory assurances” that the business associate is HIPAA-compliant and can effectively safeguard the data, and the parties must enter a BAA. All BAAs must be reviewed annually and updated to reflect any changes in the nature of the business associate relationship.
6. Establish a Breach Notification Protocol A HIPAA violation doesn’t always get organizations into trouble, especially if they can prove the breach was unintentional and that they did everything in their power to prevent such breaches. But failing to report breaches makes the situation worse. The HIPAA Breach Notification Rule requires covered entities and business associates to report all breaches to OCR and to notify patients whose personal data might have been compromised. HIPAA-beholden organizations are required to have a documented breach notification process that outlines how the organization will comply with this rule.
7. Document Everything
Organizations must document all HIPAA compliance efforts — including privacy and security policies, risk assessments and self-audits, remediation plans, and staff training sessions. OCR will review all this documentation during HIPAA audits and complaint investigations. HIPAA compliance is critical for healthcare organizations, not only to protect patient privacy but also to protect the bottom line. To keep data safe, healthcare providers need to know how to become HIPAA compliant, and they need technology partners who take it just as seriously as they do.
Our duty as midwives is not only to provide our client with quality care but protecting their information as well. We must comply these set of rules not only to follow the law, but to safeguard confidentiality and individuality.
Learn more about HIPAA https://www.healthit.gov/sites/default/files/pdf/privacy/onc_privacy_and_security_chapter4_v1_022112.pdf
Deciding whether you should outsource your billing can be a difficult decision for many physicians, practice managers or business owners. Medical Billing requires a special set of skills, and in the last few years there has been a jump in complexity and red tape. For this reason, many make the choice to outsource their medical office billing to a professional medical billing and coding professional company. Whether you are new to starting your practice, an experienced professional, or thinking of upgrading to a new system, there are many advantages to outsourcing medical billing. Check out these major benefits of utilizing medical billing and coding professionals:
DEDICATED, EXPERIENCED SPECIALISTS WITH YOUR GOALS
A billing service can afford to hire the best staff possible. These workers do one thing – increase the profitability of your practice. They review and post all payments; carriers are paid the correct amount and on time. Incorrect adjustments are corrected. Every claim in track and processed. They are integrated with your staff and abide by the same goals but at the same time, they are experts in their field and are not pulled away to other things, ensuring your practice makes money, so they can make money, and everything is taken care of. They are also up to date on any changes in the industry.
FOCUS CAN REMAIN ON WHAT YOU DO BEST – PATIENT CARE
Years spent training in medical school trained you in helping and healing people, it did not train you in medical billing. Doing your own medical billing and coding requires much time and energy that you could be spending elsewhere. Physicians cannot be efficient at providing excellent patient care and focusing on patient satisfaction if they are strained by the financial side of the running your practice. Enjoy your work without the added stress and headache. A billing and coding service’s one sole purpose is to provide medical billing services, allowing you to maintain your patients.
There is a direct financial benefit of higher returns and lower costs from using a medical billing and coding professional. This can save you on overhead, staffing, insurance, and hardware as well as on salaries, benefits, office supplies purchasing billing software and buying computer equipment.
INCREASE YOUR REVENUE AND IMPROVE CASH FLOW
If you had an in-house medical biller that wanted to take a vacation or was sick, those claims would go in late, and your billing interruptions would affect your cash flow. Using a medical billing and coding professional service means you will have a continuous, steady flow of claims being processed and cash coming in. A medical billing service will submit your claims faster, so you receive payment from payers quicker.
REDUCE BILLING ERRORS AND ENSURE BILLING COMPLIANCE
Because health care is an always-changing industry, it is a challenge is keeping up with the changes in Medicare, Medicaid and third-party payers. To medical billing and coding companies it is, actually, a full-time job to make sure that they are following the proper protocol and staying up to date on the latest changes in order to maintain compliance. Professional medical coders and billers ensure your claims are accurate and submitted on time.
IMITIGATE YOUR ADMINISTRATIVE RISK
There is risk associated with the administrative functions of a practice. You are required to be in compliance with codes, bill patients in a timely manner, and keep all patient data and transactions secure. The livelihood of your practice can depend on how your business administration is handled.
HEALTHCARE REQUIREMENTS CHANGE RAPIDLY
Healthcare changes at an unprecedented rate so medical billing does as well. Keeping up to speed with these rules and requirements takes constant education and vigilance, as fees change, carrier rules change and codes change. Leave this to the professionals
GAIN CONTROL OF YOUR PRACTICE
Outsourcing medical billing does not mean giving control to someone else, instead it means giving the work to a provider that is an expert in their field, while you can enjoy the breathing room to focus on your practice, review monthly reports and have more control over your practice than you ever have before.
Coding and billing for maternity obstetrical care is quite a bit different from other sections of the American Medical Association Current Procedural Terminology (CPT). Maternity care services typically include antepartum care, delivery services, as well as postpartum care. Depending on the patient’s circumstances and insurance carrier, the provider can either:
The Global Obstetrical PackageWhen discussing maternity obstetrical care medical billing, it is crucial to understand the Global Obstetrical Package.
Most insurance carriers like Blue Cross Blue Shield, United Healthcare, and Aetna reimburses providers based on the global maternity codes for services provided during the maternity period for uncomplicated pregnancies.
Currently, global obstetrical care is defined by the AMA CPT as “the total obstetric package includes the provision of antepartum care, delivery, and postpartum care.” (Source: AMA CPT codebook 2022, page 440.)
If the services rendered do not meet the requirements for a total obstetric package, the coder is instructed to use appropriate stand-alone codes. These might include antepartum care only, delivery only, postpartum care only, delivery and postpartum care, etc.
When billing for the global obstetrical package code, all services must be provided by one obstetrician, one midwife, or the same physician group practice provides all of the patient’s routine obstetric care, which includes the antepartum care, delivery, and postpartum care.
Here a “physician group practice” is defined as a clinic or obstetric clinic that is under the same tax ID number. It uses either an electronic health record (EHR) or one hard-copy patient record. Each physician, nurse practitioner, or nurse midwife seeing that patient has access to the same patient record and makes entries into the record as services occur.
Individual Evaluation and Management (E&M) codes should not be billed to report maternity visits unless the patient presents for issues outside the global package.
All prenatal care is considered part of the global reimbursement and is not reimbursed separately. The provider will receive one payment for the entire care based on the CPT code billed.
Services Bundled with the Global Obstetrical PackageA key part of maternity obstetrical care medical billing is understanding what is and is not included in the Global Package.
Services provided to patients as part of the Global Package fall in one of three categories. They are:
Antepartum CareAntepartum care comprises the initial prenatal history and examination, as well as subsequent prenatal history and physical examination. This includes:
Intrapartum Care AKA Labor & DeliveryLabor and delivery include:
Postpartum CarePostpartum care includes the following:
IMPORTANT: All of the above should be billed using one CPT code. Separate CPT codes should not be reimbursed as part of the global package.
Services Excluded from the Global Obstetrical PackageCertain maternity obstetrical care procedures are either highly complex and/or not required by every patient. As such, including these procedures in the Global Package would not be appropriate for most patients and providers. The American College of Obstetricians and Gynecologists (ACOG) has developed a list of procedures that are excluded from the global package. If the provider performs any of the following procedures during the pregnancy, separate billing should be done as these procedures are not included in the Global Package.
Split Care Performed/Itemization BillingSome patients may come to your practice late in their pregnancy. Others may elope from your practice before receiving the full maternal care package. In such cases, your practice will have to split the services that were performed and bill them out as is. Examples of situations include:
If the patient had fewer than 13 encounters with the provider, your practice should contact the insurer to find out whether the insurer will honor the global package CPT code. Possible billings include:
Diagnosis Codes for Deliveries and Related Services
Who Is Eligible to Provide Patient Care?The following is a comprehensive list of eligible providers of patient care (with the exception of residents, who are not billable providers):
ModifiersDepending on your state and insurance carrier (Medicaid), there may be additional modifiers necessary to report depending on the weeks of gestation in which patient delivered. Before completing maternity obstetrical care billing and coding, always make sure that the latest OB guidelines are retrieved from the insurance carrier to avoid denials or short pays.
In order to ensure proper maternity obstetrical care medical billing, it is critical to look at the entire nine months of work performed in order to properly assign codes. Pay special attention to the Global OB Package. The coder should have access to the entire medical record (initial visit, antepartum progress notes, hospital admission note, intrapartum notes, delivery report, and postpartum progress note) in order to review what should be coded outside the global package and what is bundled in the Global Package. The key is to remember to follow the CPT guidelines, correctly append diagnoses, and ensure physician documentation of the antepartum, delivery and postpartum care and amend modifier(s).
Midwifery billing and coding are the backbone of midwifery care revenue cycle, ensuring payers and patients reimbursed providers for services delivered. With midwifery care on the rise in the United States, people are starting to hear about midwives and home birth. Midwifery offices receive money from private insurances providers and various healthcare programs, such as Medicare and Medicaid, which are provided by the government. Receiving proper funds allows the midwifery business office to stay open. With suboptimal reimbursement, it is difficult for them to provide stellar healthcare to patients.
Midwifery billing process is a series of steps completed by billing specialists to ensure that birth professionals are reimbursed for their services. Depending upon the circumstances, it can take a matter of days to complete, or may stretch over several weeks or months. While the process may differ slightly between birth centers, here is a general outline of a medical/midwife billing workflow.
1. Patient Registration
Patient registration is the first step on any billing flow chart. This is the collection of basic demographic information on a patient, including name, birth date, and the reason for a visit. Insurance information is collected, including the name of the insurance provider and the patient's policy number, and verified by billers. This information is used to set up a patient file that will be referred to during the billing process.
2. Financial Responsibility
The second step in the process is to determine financial responsibility for the visit. This means looking over the patient's insurance details to find out which procedures and services to be rendered during the visit are covered. If there are procedures or services that will not be covered, the patient is made aware that they will be financially responsible for those costs.
3. Superbill Creation
During check-in, the patient will be asked to complete forms for their file, or if it is a return visit, confirm or update information already on file. Identification will be requested, as well as a valid insurance card, and co-payments will be collected. Once the patient checks out, birth reports from the visit are translated into diagnosis and procedure codes by a coder. Then, a report called a “superbill” may be compiled from all the information gathered thus far. It will include provider and clinician information, the patient's demographic information and history, information on the procedures and services performed, and the applicable diagnosis and procedure codes.
4. Claims Generation
The biller will then use the superbill to prepare a claim to be submitted to the patient's insurance company. Once the claim is created, the biller must go over it carefully to confirm that it meets payer and HIPPA compliance standards, including standards for coding and format.
5. Claims Submission
Once the claim has been checked for accuracy and compliance, submission is the next step. In most cases, the claim will be electronically transmitted to a clearinghouse, which is a third-party company that acts as a liaison between healthcare providers and health insurers. The exception to this rule is high-volume payers, such as Medicaid, who will accept claims directly from healthcare providers.
6. Monitor Claim Adjudication
Adjudication is the process by which payers evaluate claims and determine whether they are valid and compliant, and if so, the amount of reimbursement the provider will receive. During this process, the claim may be accepted, rejected or denied. An accepted claim will be paid according to the insurer’s agreements with the provider. A rejected claim is one that has errors that must be corrected and the claim resubmitted. A denied claim is one that the payer refuses to reimburse.
7. Patient Statement Preparation
Once the claim has been processed, the patient is billed for any outstanding charges. The statement generally includes a detailed list of the procedures and services provided, their costs, the amount paid by insurance and the amount due from the patient.
8. Statement Follow-Up
The last step in the billing process is to make sure bills are paid. Billers must follow up with patients whose bills are delinquent, and, when necessary, send accounts to collection agencies.
Like many other complicated midwifery procedures, billing may take up so much time on your end as a midwife. Billing takes a huge part on the success of your midwifery business as it makes sure that cash flow is good, making your midwifery practice run smoothly.
Bryant & Stratton College Blog Staff. (n.d.). 10 steps in the medical billing process. Bryant & Stratton College. Retrieved June 18, 2022, from https://www.bryantstratton.edu/blog/2018/january/medical-billing-process
Ways To Prevent Insurance Fraud
Insurance fraud is any act made to deceive an insurance procedure. It occurs when a claimant attempts to obtain some benefit or advantage they are not entitled to, or when an insurer knowingly denies some benefit that is due. It is also a deliberate deception perpetrated against or by an insurance company or agent for the purpose of financial gain. Fraud may be committed at different points by applicants, policyholders, third-party claimants, or professionals who provide services to claimants. Insurance agents and company employees may also commit insurance fraud. Common frauds include “padding,” or inflating claims; misrepresenting facts on an insurance application; submitting claims for injuries or damage that never occurred; and staging accidents.
People who commit insurance fraud include:
Common types of healthcare and insurance fraud
1. Fraud Committed by Medical Providers
2. Fraud Committed by Patients and Other Individuals
3. Fraud Involving Prescriptions
How to Prevent Insurance Fraud?
The Affordable Care Act of 2010 included fraud-fighting efforts, such as allowing the U.S. Department of Health and Human Services (HHS) to exclude providers who lie on their applications from enrolling in Medicare and Medicaid and the Improper Payments Elimination and Recovery Act, which requires agencies to conduct recovery audits for programs every three years and develop corrective action plans for preventing future fraud and waste.
Other efforts included:
Additionally, in 2012, HHS and the Department of Justice formed the National Fraud Prevention Partnership to combat health care fraud. The group also consists of private and public groups such as health care companies and their organizations, the National Association of Insurance Commissioners, the National Insurance Crime Bureau and the National Health Care Anti-Fraud Association. The groups will share information on claims from Medicare, Medicaid. and private insurance to be administered by a third-
Fraudulent acts have no escape with the law. Whether you’re a healthcare provider trying to slip away money from your clients, or a client who doesn’t one to compensate the services provided to you. Either way, one must be vigilant enough to take part in protecting his/her right and preventing these things to happen. Keep all your records intact and avoid providing your information to anyone asking for it. Always verify, verify, verify!
Background on: Insurance fraud. III. (n.d.). Retrieved June 18, 2022, from https://www.iii.org/article/background-on-insurance-fraud