Medicare Compliance & Reimbursement

Tip: Ask to see second references.

Are you considering updating your billing protocols or is your Medicare practice in the market for a change? No matter the reason, it’s a smart move to fully investigate your associates, especially third-party billers, who are privy to sensitive patient data and key to your bottom line.

Context: Hiring a third party may appear to be a positive business move for many Medicare providers and lighten the load of your in-house billers. But, remember it’s still your responsibility to ensure that the company you hire is compliant, and that’s why it’s essential that you investigate the biller further before hiring them.

Reminder: “Practices that use third-party billers should meet with them and review how claims are coded and submitted,” suggests attorney John E. Morrone, a partner at Frier Levitt Attorneys at Law in New York City. “Many practices do not realize that they are ultimately responsible for claims coded and submitted on their behalf.”

Here’s Another Reason to Check Up on Your Billers

It’s vital that you vet all your vendors and check into their backgrounds and associations before you enter into business with them. Why? Last September, the Centers for Medicare & Medicaid Services (CMS) issued a final rule that investigates providers’ affiliations with bad actors before they even enroll in Medicare. The agency hopes this new focus on integrity will cut down fraud and abuse while boosting compliance in the federal healthcare space (see Medicare Compliance & Reimbursement, Vol. 45, No. 18).

Consider asking these questions when checking on your billers’ compliance:

• Is an active compliance program in place at your company?
• Do you have written coding and procedures’ policies?
• Is there a denial review procedure?
• How do you safeguard your patients’ privacy and security?

Physicians often say, “I will have our billing company handle that, so I don’t have to worry about a lot of compliance issues.” This attitude is fraught with risk as there are just as many bad billing companies as good ones, and it is the practice’s responsibility to do the proper research.

Keep these tips in mind when researching a third-party biller:

• Ask for a reference list. Then, ask for more references. The best references will be on the first list; a more accurate picture will emerge from the second.
• Make sure a compliance plan is in effect and that the biller is continuously training its staff on compliance, especially on data security.
• Assess their knowledge of modifiers, appeals, denials, secondary payer arrangements, and overpayments.
• Investigate how they maintain good communication with their clients and encryption processes.
• Find out if training programs are available and how staff are vetted.
• Make sure they know the proper procedures for advance beneficiary notices (ABNs).

It is essential to check references that are in the same specialty as your practice. Coding is very specialty-oriented, particularly regarding the use of modifiers. A biller that’s very adept at pathology billing may not be as effective for a family practice because they won’t be familiar with E/M coding, for instance.

Tip: Another way to check the professionalism and competency of the billing company is to visit the facility if possible. Touring the office will give you quick answers, especially if your visit is unannounced and you ask to speak with the compliance officer.

During the visit, check to see whether their staff has the most recent HCPCS, CPT^®, and ICD-10 editions. Find out how often their coding software is updated. Ask to see a copy of their compliance manual and recent memos of their training class schedule or copies of emails. This will tell you how serious they are about training. Review the code-of-conduct and data security policy.

Keep HIPAA in Mind, Too

Many of the biggest breaches over the last year have been related to third-party business associates (BAs) and their failures to manage risks and secure patients’ protected health information (PHI).

Update: Recently, the HHS Office for Civil Rights (OCR) updated its guidance on the direct liability of BAs. The truth is that CEs need to be doubly careful of what they share with their partners and vendors (see Medicare Compliance & Reimbursement, Vol. 45, No. 23).

The new guidance outlines and clarifies which “party is ultimately responsible for satisfaction of various responsibilities and patient rights,” explains HIPAA expert Jim Sheldon-Dean, founder and director of compliance services at Lewis Creek Systems LLC in Charlotte, Vermont. “Where the BA is not responsible, the hiring entity is.”

Sheldon-Dean continues, “The guidance doesn’t reduce the BA responsibilities so much as define the legal liability boundaries between entities. It is overall a useful document, even though in many cases now it clearly puts the covered entities on the hook for making sure their business associates are providing services on their behalf according to the rules.”