Is Your Credit Card Terminal PCI HIPAA Compliant?

World Pay is a company that I have come across that has some really good educational information for clients and perspective clients on Payment Care Industry or PCI Compliance.  HIPAA extends to protect the financial information of clients.  It is important that you have policies regarding your PCI practices or accepting and processing credit card payments.  If your credit card processing company helping you?  Is your credit card terminal PCI Compliant, feel free to check the lists for WPVeriFone EOL Products and WPHypercom T7Plus End of Life that have reached”End of Life” or are no longer compliant.

A company can be out of PCI compliance in two ways 1) the terminal they use does not meet criteria and 2) through processes of gathering, transmitting and storing data.

Let me tell you what impressed me about World Pay.  They have a terminal that is end to end encrypted to protect financial data.  This company has a tremendous about of education materials on this topic. There fee of $14.99/month of PCI compliance includes 24/7 customer service, guidance to get your policies and procedures in place, a third party vendor to provide PCI Accreditation and Certification for that process only, and $30K of indemnity coverage when using their standard terminal or $100K indemnity coverage if your are using their end to end encrypted terminal, they help with negotiations with visa, master card, etc., if their is a breach.  Additional medical audit and HIPAA breach defense coverage may be obtained through Jim Patterson at Agape Insurance

It is important that you ensure your credit card processing machine and process is HIPAA compliant.  Educate yourself and make an informed decision.  I have included links to PCI websites for further explanation of PCI Compliance.

What will you need to have a free PCI Compliance review provided?

1.  Your Credit Card Statement; Does your statement say “non-validation of PCI” with a fee?

2.  Name/Model# of the Terminal(s) being used

3.  Do you have policies and procedures for use, storage and transmission?

4.  Mention this blog from Medical Auditing Solutions

How do you get this complimentary PCI Compliance Review?

Have the information above available and Contact Martin Anderson with World Pay at *martin.anderson@worldpay.us*

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria through compliance program development, management and training.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

Advertisement

Caring for a Baby-boomer? A New Panel to Discuss Topics to Help you through the Maze

As busy professionals, there are many roles we have signed up for, and some we have not. One of the roles many of us have assumed is as care taker of our parents. There is even a new term to describe our new role, the sandwich generation.

On October 4th, D.R. Saur will host a panel discussion to shed light on the many facets of building a comprehensive strategy to fulfill that role. We will have legal, financial, and insurance experts to answer your questions. We still have a few seats available for both the 9:00 and 12:00 noon sessions. A light meal will be served as well for your convenience.

Seating is limited, so if you and/or your parent would like to join us, please contact Stephanie at DR Saur at 214 559 3944 to reserve your spot. Please see the attached invitation for all the details.

Posted on behalf of Kelly Kunst. One of the most fantastic ladies and perfect to be one of the speakers and head up this panel. She is an expert in financial services, but her passion is educating people on the tough topics.

Speaking Engagements 2011

March 1, 2011
California Association of Medical Providers & Suppliers

Angela Miller speaking for Zirmed Financial Workout Webinar Series

April 20, 2011

VGM’s Heartland Conference

June 8 – 9, 2011

Texas Osteopathic Medical Association

June 17, 2011  10am-noon

Medtrade Fall 2011

October 26 & 27

*********

KY Medical Equipment Suppliers Associate (KYMESA)

November 9, 2011 – Compliance Program Implementation

*********

Paychexs – Irving Texas office contact Christina Rossini to register.

December 6, 2011 – Compliance Program Requirements

*********

Medtrade Spring 2012

April 10-12, 2012

*********

American Association of Osteopathic Executives

May 20-22, 2012

*********

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria through compliance program development, management and training.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

Compliance Programs Required 3/25/2013

Well, we thought with Health Care Reform Act of 2010 that providers had 3 years from the signature date to have a plan implemented. With the final provisions of the Patient Protection Affordable Care Act, you have until 3/25/2013…less than 2 months to have a compliance plan in place.   They make reference to the 7 element compliance program currently recommended as a basis for the program structure. The final rule has language that reads as though they will withhold payment to providers that do not have compliance program in place.  Don’t worry, we can help you with a simple compliance program that is affordable.

A few other items that impact business decisions. This takes effect 3/25/2011 for all new providers and March 2012 for all existing providers.

1.  Moratorium on Medicare, Medicaid & CHIP provider numbers based on products and number of suppliers in the area.  This may not be as easy anymore.

2.  Application fees of $500 each for all providers excluding physicians and nurse practitioners and their group practices. If a provider applied for Medicare and Medicaid then only one fee will be required, but proof of Medicare application may be required.

3.  New screening and Fingerprinting requirements. Note Florida has had fingerprinting in place for over 8 years. You have to have a criminal record and there are many fraudulent providers that currently do not have a record. This applies to owners of 5% or more of the company, directors and officers.

4.  Unscheduled & unannounced visits to check up on suppliers.

5.  Re-enrollment for Medicare every 3 years and Medicaid annually and fees will apply plus inflation rate for CPI.

6.  New state licensing requirements to come from this also.

If you do not have a compliance program or haven’t taken your seriously, it is a requirement that could result in suspended payments.

With proven experience in the health care compliance, We can help you with a compliance program policies and procedures as well as teach you to manage your program or help you manage the program to ensure you pass the government inspection to ensure effect within 3 years of implementation. They can request random audits for privacy and security to ensure you are meeting requirements and now they have added billing compliance.

We can also help you with provider applications to ensure they are done right the first time.

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria through compliance program development, management and training.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

Happy Holidays!

Warm Holiday Wishes to You

Happy Holidays!  May you be blessed with the riches of life.  As we wind down the year, the holidays are a time to spend with friends and family sharing joy, laughter, and love.  The holidays are also a time of reflection and gratitude.  I want to thank each of you for making this a successful happy year, it has been a true gift in my life.  So many of you are friends, business advisers, business partners, clients, and maybe all of these, but you are truly appreciated.  Some of you make me reflect more often than I might like but I’ll keep you anyway..LOL.  I wish each of you a happy and safe holiday that is a road to a successful new year for you, your family and business.   I look forward to you being a part of my life in 2011 too.

Remember to pray for our soldiers and their families during the holidays, and if you see them during travels thank them.

How to Connect with Medical Auditing Solutions LLC?

You can find a complete scope of services under my blog.  In short, I work with most types of health care providers to setup compliance programs and training and anything that impacts cash flow.

You can follow us through our blog by scrolling to bottom of this blog, click follow then enter your email address.

You may follow Angela Miller and Medical Auditing Solutions if you a a profile on any of the following:

Website: http://www.medicalauditingsolutions.com
Blog: http://www.angelamillermas.wordpress.com or via website
Linkedin: http://www.linkedin.com/in/medicalauditingsolutions
Twitter: http://twitter.com/AngelaMillerMAS
Facebook: http://www.facebook.com/home.php#!/MedicalAuditingSolutions

Those who have recently attended a speaking engagement, I am connecting you through my blog. If you want to connect on the other sites feel free. I do not send out many email blast and utilize my blog the most.

15 Minute Thoughts “Conflict of Interest” & “Role of Compliance Officer”

UPDATE:

September 8, 2010      Conflict of Interest: Pay Attention or Write a Big Check – CANCELED

There will be no live program this Wednesday.

Reminder, Tune back on next Wednesday

September 15, 2010    Compliance Officer:  Who? What? …Really?

We will discuss who can be the compliance officer.  We will discuss the roll of the compliance officer as well as who should be the “supervisor” of the compliance officer.  With the requirement for all health care providers to have a compliance program fully implemented as part of the health care reform bill, this program is for physicians, DME, HME, home health, hospice, pharmacies and other health care providers that bill Medicare and Medicare.

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria through compliance program development, management and training.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

“15 Minute Thought” Schedule – Free Informational Programs

“15 MINUTE THOUGHT”

MAS is pioneering an informational program that you can listen to over a cup of coffee while you organize your day or on your drive to work. The name of the program is “15 Minute Thought”.  These calls will be free and informative.  Our focus is to give you a new thought once per month to help improve your business during these tough regulatory times.

Program your Phone and Calendar:

The 2^nd* and 3^rd Wednesday Every Month                 at 8:30am-8:45am CST

* Indicates specific audience

MAS Conference Call Dial-in#:         218-862-1300

Conference Code:                               622911

MAS Office number:                          972-459-1508

MAS Fax:                                               214-461-0295

Who should call in?

Any health care provider, Health care business owner or manager, Attorneys, Compliance Officer, and Office Managers

Schedule & Topics

July 14, 2010               Bankruptcy Attorneys & other Attorneys:  What you need to know about Medical Receivables*

July 21, 2010               Patient Visits: Changes, Increase Revenue, & Ordered Services

August 11, 2010         Physicians: NP & PA Visits: Can the non-physician provider be billed under the physician?*

August 18, 2010         Payer Audits Giving “RAC’d” a Whole New Meaning: Tips to Manage Audits

September 8, 2010      Conflict of Interest: Pay Attention or Write a Big Check

September 15, 2010    Compliance Officer:  Who? What? …Really?

October 13, 2010        Dental Providers:  Reform & Common Audit Errors*

October 20, 2010        Reserve Chute: Not just for jumping out of planes

There will be guest speakers.  We will release the brief description of the call within the next 24 hours.  There are plans to have Edward Vishnevetsky of Thompson Coe, Darrell Armer of Looper Reed & McGraw, David Reimer of Dental Medical Economics as well as others guest such as Advocate, MD present over the next few months as we roll this program out.  You will hear thoughts from some of the best in the health care industry.  The guest schedules are not finalized and they may participate in programs setup on this schedule.  We may increase the number of calls depending on the attendance.

Follow MAS Blog for Schedule & Updates.  You can “follow” MAS on all social media and new blog links are published.  We only publish useful information and breaking news.

Blog:  http://www.angelamillermas.wordpress.com or via website
Linkedin:  http://www.linkedin.com/in/medicalauditingsolutions
Facebook:  http://www.facebook.com/home.php#!/AngelaMiller.MAS

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

Numerous Physician, Physician Groups, and DME Revocations Coming

The American Health Lawyers listserv released yesterday, there are numerous revocations across physician, physician groups, and DME providers for failure to respond to 855 validation or update requests or the provider was not open or available during a sight visit.  Please ensure you or your staff open mail in a timely manner!  Be sure you take immediate action on any requests from Medicare.  Medicare periodically requests for updates, validation or new 855 payor applications be completed. If the Medicare contractor does a sight visit, you must have hours posted and the door must be unlocked and the person greeted, if it is during your business hours.   Likewise, if you are closed for vacation, post a sign on the door & answering service vacation dates and who patients should see in an emergency.  This may have come as a PECOS notice.  Think of PECOS as your online 855 submission and application management.  Educate your staff to review mail timely and notify you immediately of any requests from Medicare for any response, forms, documentation.  You as the business owner need to review it or have it reviewed.

It seems every time  we turn around there is bad news to deliver to health care providers.  This is a very scary time from audits, revocations, reimbursement cuts along with legible documentation and getting patients to come into the office for an in-person visit when they are physically not capable.  The industry is facing challenges.

Medicare must be notified if you move because they mail requests to the address on file.  Remember, an invalid telephone number or area code can result in revocation as well.  Likewise, the post office does not always deliver the mail and they do not send communication with a tracking number!

You have 30 days to submit a corrective action plan, but be proactive and do it immediately!  The Corrective Action Plan form can be located via the MAC contractor website.  If the Correction Action Plan is denied, there is no appeal!

It is crucial for you to keep your provider number because without it you will not be reimbursed and are subject to loosing other payor contracts. You have to get your number placed in good standing, but this can be a long process.  They also do not have to activate it back to the date it was turned off.  If you need help completing or validating the 855 application or working an appeal, we can help you in a cost effective manner.   We work with several health care law firms that can assist you also.  Be sure no matter who you have help you, they have experience with the application process, understand the health care industry and/or are health care attorneys.

I feel like I need to have a drink or joke of the week blog so I can bring some good uplifting news.

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

Security Tips to help with HITECH Compliance

Here are some tips for added security, but this is not a substitute for using an IT person, who is familiar with HITECH/Red Flag Regulations.  Remember, encryption prevents the need to report disclosures to HHS and avoids penalties.  These are not the only solutions, so no matter what it is crucial to find encryption solutions.  These are the ones I have implemented although I rarely have more than a patient name in reports and do not have more than a patient name or account number in audit reports. 

Prior to starting any process and for your business sanity, ensure you have a current backup of your system.  Remember, onsite backup should have enough “disks” to rotate for several weeks.  Also they do need to be replaced periodically because they can fail after they have been used repeatedly.  There are many free or inexpensive options for offsite and automatic backups including Carbonite, Mozy, Amazon S3, Rackspace and others.  The Jungledisk interface which backs up to Amazon’s S3 or Rackspace is an automatic backup that is thoughtless and has saved my butt many times. These also permit you a second “drive” that can function as a network drive if you need to work on a document while you are away from your office; although you do need internet access.

Security software can be vastly expensive and still not catch viruses.  I use AVG for small business which is about $50/year.  AVG has a firewall plus I have a network firewall.  If you use a wireless network, make sure your settings are the highest or newest released, as of the moment that will be WPA2. I changed my own settings so it is relatively easy.  I have had great luck with AVG from a protection standpoint.  This does not bog down my system so I have to push molasses up hill.  The processing speed is barely impacted.

Truecrypt is a hard drive encryption program that is free for home and small businesses.  The company price is very inexpensive!  It has 256-bit encryption and most banks use 128-bit so should be good protection.  This is pretty simple although, I would recommend using the IT specialist I mentioned.  Now, you will have to consider whether to encrypt the entire drive or part of the drive, it will impact processing speed.  If you have an extensive number of employees I would recommend the entire drive because you cannot ensure they will save documents with PHI in the encrypted drive.  You will also need a 20+ digit password for each computer that can be remembered.

The browser FireFox has 256-bit encryption while Internet Explorer has 128-bit encryption.  Firefox is a little different but not terribly noticeable and now it is all I use.  Firefox is also a free browser.

Myfax is an “internet” fax that will send you notifications via email.  There faxes are PGP encrypted; however, what I learned was you need to receive a email notification, login to your account, and download the file direct to your computer.  If it comes as an attachment to your email then the PGP encryption is void.  The cost is about $10/month for home or small business, but the corporate account is not expensive.

Cutepdf Professional costs about $50.00 you can print documents to pdf (this is in the free version) but if you need to send that document to your consultant or CPA the professional version allows for password protection as well.  You would not put the password in the same package as the CD or in the same email.  It will allow you to open a PDF and make a text box for notes that will print out.  So you do not have to recreate the information then add notes in another tool.  This may be more depending on the number of licenses you need.

When printing and saving reports from your billing system, you can export to excel or similar file, leave the patient account number or patient name only but take out address, and other identifying information that will identify 1 specific person.  These will be HIPAA compliant if all Patient specific information is removed.

Ensure staff understands they cannot place PHI or patient financial information in an email.  Having an email encryption program may not be the solution right now because if you use for example PGP email encryption the receiver of the email must have the same email encryption program and the key code (password if you will).  This may be problematic for awhile.  So this is why I want to give you some other options.  One such one is Hushmail which is a 1028bit online e-mail service, where your e-mail never leaves their servers, and so remains encrypted end to end.  But both sender and receiver have to have accounts (though they do have a free option, you must use it regularly though).

I understand processes, but the inner working of IT I utilize experts.  I am not affiliated with nor promote any specific product, these are only suggestions.  I hope you will subscribe to my blog as well as provide comments.  I use this to broadcase updates and tips to help you run your business.  If you need help with your IT network solutions, here is a  contact that works on my office equipment and they can work with clients nationally.  A big thank you to Glenn for helping me with the correct lingo!

Glenn Kimball         GWK Technologies           

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the  focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest private held HME/Pharmacy provider in the US at the time.  Ms. Miller  also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.