Risk Management for Healthcare Third-Party Billing Companies

05 Sep Risk Management for Healthcare Third-Party Billing Companies

Posted at 09:00h in #mattthelawyer, Contracts, Health Care Legal, Healthcare Compliance by

Almost all of the medical practitioners and practices I have worked with over the years have employed third-party billing companies to help with insurance claims submission and claims management. To say the quality of these third-party billing companies varies greatly would be like saying the Sun is pretty hot.

But when a medical practice has 20 functions it has to perform every day, using a third-party billing company often makes sense. But there are massive risks, and it requires some active management of this vital function. Here are some of the significant risks and techniques to manage those risks:

  1. Diligence and Vendor Selection:
    • Thoroughly research and vet potential vendors before selecting one. Check their reputation and experience, and please, please, please check references. If you happen to be involved in online forums in your practice specialty, ask around about them. References provided by the vendor always give positive reviews (otherwise they wouldn’t be references), so ask about negative aspects of the relationship.
    • Evaluate their expertise in medical billing in your specialty and overall revenue cycle management to ensure they understand the complexities of the healthcare industry. Hint: if they don’t know what revenue cycle management is, politely thank them for their time and find a new vendor.
  2. Contractual Protections:
    • Draft a comprehensive contract that outlines terms, responsibilities, payment arrangements, dispute resolution procedures, risk management, and liabilities.
    • Include clauses that address how breaches of contract or non-compliance will be handled. This should also include their responsibility to help you in the event of an audit by a payor—government or private insurer.
    • PLEASE! PLEASE! PLEASE! For the love (and loathing) of HIPAA, make sure the contract includes HIPAA Business Associate language on the use of protected health information and privacy. If the vendor doesn’t have BAA provisions in their contract, then either make sure you include them or politely thank them for their time and find a new vendor.
  3. Service Level Agreements (SLAs):
    • Clearly define the scope of services and performance expectations in a detailed SLA section of the contract. At the heart of every contract dispute I have ever been involved with is a failure of expectations by one party or another—don’t assume the biller understands your expectations—state them clearly and in writing.  
    • Include metrics, such as claim submission accuracy, reimbursement turnaround time, rejected claims management, denial rates, and any other metric you feel is important to measure the vendor’s performance. Don’t just rely on what they say they provide. Look at their reports and create your own if necessary. If they refuse to do this simple matter, politely thank them for their time, and find a new vendor.
  1. Data Security Measures:
    • Require the vendor to have stringent data security measures in place, including encryption, secure servers, and compliance with HIPAA regulations. Since the biller is usually working remotely (and often from their home), make sure they are using a current Virtual Private Network (VPN) to access your systems. If they don’t know what this is, politely thank them for their time, and find a new vendor.
    • Establish protocols for data access, storage, and sharing to minimize the risk of breaches. Most third-party billers will ask to have access to your EMR system. Work with your EMR vendor to limit the biller’s access appropriately (which is actually required under the HIPAA Security Rule)
  2. Regular Communication:
    • Maintain open and frequent communication with the vendor to stay informed about billing activities, issues, and resolutions.
    • Schedule regular check-ins to discuss performance and address any concerns.
  3. Audit and Monitoring:
    • As Ronald Reagan once said about the USSR’s nuclear weapons program inspections, “Trust but verify.” The billing vendor holds a veritable nuclear bomb for your practice in their hands. Nearly your entire revenue cycle flows through their hands. Trust—but verify their performance. Conduct periodic audits of the vendor’s operations and processes to ensure compliance with agreed-upon standards.
    • Monitor key performance indicators (KPIs) to track the vendor’s effectiveness and identify potential problems early. Your KPIs should be clearly stated in the contract.
  4. Contingency Planning:
    • Develop a contingency plan in case the vendor faces unexpected challenges or goes out of business. This plan should include a process for transitioning the biller’s functions back in-house or to another vendor. Since most vendors now access your data through your EMR, you can easily shut down access by pulling their credentials but always build a plan for disaster. You cannot control events, but you can control your response.
    • Always keep someone on staff who is trained to do the basic billing functions for your practice. They don’t have to be an expert, they just have to be able to do enough to keep the money flowing in the short-term.
  5. Access Controls and Confidentiality:
    • Define who within the vendor’s organization will have access to your practice’s sensitive information.
    • Include confidentiality clauses in the contract to prevent unauthorized sharing of patient and practice data. This is more than just the HIPAA BAA language on HIPAA privacy and the protected health information of your patients. You don’t want the biller to be blabbing about your practice having difficulty with staff or under investigation by HHS or CMS, or about any other problem you are facing.  
  6. Training and Collaboration:
    • Ensure that your staff works collaboratively with the vendor. Provide necessary training to your staff on how to interact with the vendor’s system and processes. Ask the biller how they work and how you work and modify processes as necessary. DOCUMENT THE PROCESSES for both parties.
  7. Regular Reviews and Adjustments:
    • Schedule regular performance reviews and contract evaluations to ensure the vendor is meeting your practice’s needs. Don’t rely on auto-renew of contracts. If you want to extend the contract, renegotiate the contract.
    • Be prepared to make adjustments or terminate the contract if the vendor consistently fails to deliver as expected in the contract. Don’t be the nice guy here. Mistakes happen and the parties should have a process for redemption, but repeated mistakes show a lack of awareness. Remember, they have their hands on a vital aspect of your business.
  8. Escalation Procedures:
    • Establish a clear escalation process for addressing issues or disputes that cannot be resolved through normal channels.
  9. Documentation and Record-Keeping:
    • Maintain thorough records of all interactions, communications, and agreements with the vendor.
    • Keep copies of invoices, reports, and correspondence for reference and potential dispute resolution.
    • Do this to make your lawyer happy in case of a major dispute.

If you are a billing company out there, give us a call to help you build a contract for medical practices that address all of these factors. If you are a medical practice, we can help you evaluate contracts and negotiate better ones.

Related posts:

  1. Three-Physician Practice Pays $125,000 Due to One HIPAA Violation
  2. Annual Audits for Healthcare Entities
  3. Clear English Contract Revision
  4. HIPAA Breaches: What to Do When Medical Provider Mistakenly Sends Protected Health Information to the Wrong Patient
Tags:
, , , , , ,
Print page