Medicare Compliance & Reimbursement

Compliance Tips:

Check Out This Combo of Compliance Shock Therapy, Smart HIPAA Moves, and More

This approach prevents staff from sending an unencrypted e-mail containing PHI.

Ensuring compliance with everything from HIPAA to billing can be tough these days, but Travis Allen, a clinical pharmacist for a home health and specialty pharmacy business, finds a few key strategies can help.

Educate staff about real-world consequences. Allen notes that the compliance officer at the company where he works sends staff e-mails sharing news about how someone got indicted or convicted for HIPAA violations or overbilling home visits, etc. The real-life examples "put fear into people," says Allen. "One example might be how healthcare providers get in trouble by posting [patientrelated information] on Facebook."

Prevent common sources of HIPAA breaches. The company uses an "e-mail program with certain words that red flag in the system," Allen reports. So if a staff person tries to send a patient-related e-mail to a provider who isn't on the e-mail list, the program detects the words and automatically encrypts the message before it's sent. Some of the words that prompt the encryption include "patient, date of birth, history and physical, and orders."

The recipient of the encrypted message can't read it unless he signs up for the organization's program, which requires you to sign in and retrieve the document, Allen relays.

Another safeguard: Staff using laptops can only access patient-related information by logging onto a network. Thus, "as long as a thief who took the laptop didn't know the user names or passwords, he or she couldn't access patient information," Allen says. As a further privacy feature, any temporary files from the network on the laptop are encrypted, he adds.

Keep track of home patients' status. The organization takes steps to avoid sending enteral medication to a patient "who's stacking it up in his garage," Allen says. The patient may not be using as much medication as the doctor ordered for any number of reasons, including noncompliance or hospitalization, he adds. And "if you don't stay in touch and know that's going on, then the agency can end up billing for two months' worth of enteral medication that is going to waste." This approach prevents staff from sending an unencrypted e-mail containing PHI.