[ Friday, June 17, 2005 ]
Make Sure Your Billing Company Is HIPAA Compliant:
The latest email I've gotten from Medical Newswire has an article outlining some steps you should take if you use a third-party billing company to pursue your collections. Obviously, such an entity would receive PHI from you and provide a service on your behalf, and would therefore be a Business Associate. So you need a BAA with them.
The minimum necessary rule applies to disclosures to your billing company, so don't just hand over the whole file; only give them the info they need to bill for the current procedures. You should also make sure your biller maintains patient confidentiality. Make sure they use adequate protection and have appropriate policies and procedures. They should have confidentiality agreements with their employees and independent contractors. Tour their office if necessary to make sure you are comfortable with the way they do business. And ask about their document destruction policies; you don't want their dumpster to be the one that the bad guys dive.
In addition to HIPAA, there are other issues that the billing company arrangement can raise. You need to make sure they comply with Fair Debt Collection Practice laws (federal and state). And you should also realize that over-aggressiveness on their part can have repercussions; anger over aggressive billing techniques can be the final straw for a disgruntled patient with a bad outcome to decide to sue for malpractice. Also, the "face" of your practice that some of your patients see most will be your collectors, so make sure you are comfortable with the image they convey.
Jeff [1:38 PM]
Blogger: HIPAA Blog - Edit your Template