Texas Dental Providers – Take Aways from HHSC Committee Meeting 3/20/12


I listened to the live Texas Senate Committee meeting regarding the Health and Human Services Commission (HHSC) Charge 4 (dental & orthodontics) yesterday, 3/20/12.  Unfortunately, this Senate Committee is concerned about the amount of money paid for orthodontic services, is convinced orthodontic services were provided at an abusive level, and wants this money back.  I am providing what I took away from this meeting and we will discuss how to protect yourself.

  1. Senator Jane Nelson is willing to push through legislation to allow parents in the treatment room.  I didn’t understand this…I suspect she has received a complaint from a parent where the Dental Provider refused to allow the parent in the treatment room.  My opinion is, this is one thing if the room has a door or if the patient is sedated because you do not want to add liability to your business.  Having a second company staff member present in the room will reduce risk as well.  As for HIPAA, what are your privacy and security policies for this situation?  If you do not have policies, they have been required since 2003 and 2009 respectively, so it is very important to get this done.
  2. They want to go after dentists for the unlimited orthodontic visits.  Policy said “unlimited”!  Keep in mind if the Dental Provider was racking up unnecessary visits, it doesn’t matter if it is unlimited visits in policy; the visits were unnecessary and therefore a potential fraud and abuse overpayment.  If these were legitimate visits and necessary, you should not pay that money back.  So policy for this is being reduced to 12 visits, they say.
  3. They pay for transportation to the dentist if the patient cannot afford it.  At present the patients are paid upfront or MCD pays the transportation company.  In the future, they will have to provide proof of visit and proof they used the transportation to be reimbursed.
  4. They are looking at bundling orthodontic rates versus per visit rate.
  5. More talk of suspending provider numbers based on allegations of credible fraud.  This is huge, and it is critically important to include exit interviews with staff who are leaving the company.  You also need to have a compliance program with a reporting mechanism in place.  If you collect $5M or more in Medicaid funds you were required to have a healthcare compliance program in 2007.  All other Medicaid providers are required to have a compliance program by 2013.
  6. Inspector General has 31 current investigations of Orthodontic practices at this time.
  7. Senator Jane Nelson and the committee want the business to have to be licensed and registered with the dental board similar to a pharmacy with the pharmacy board.  I suspect changes will follow for a proposal of such.  This will bring additional revenue into the Dental Board but it will permit investigations into complaints of ABC Dental versus the need for a dental provider's name, which is the current requirement.
  8. Expect audits to pick up on Orthodontic services.  They noticed as of 10/1/11 when the requirement to send molds went into place, requests dropped and PARs were denied.  If you provided orthodontics to children under 13 or now 12, those are especially at risk for audit.
  9. They put a lot of emphasis on HLD Scores.  Where do you record these and how do you measure to get the score?
  10. The TMHP Medicaid contractor responsible for reviewing this information basically rubber stamped requests.  They did not review for “medical necessity;” it was primarily to make sure the form was completed and the HLD Score was >=26.  The Dental Director was terminated and they have hired a replacement.  The HHS/IG will be auditing the approved PARs (Prior Auth Requests) and recouping money.  The debate is if they will recoup from TMHP or from the provider.  Again, if the services were fraudulent and dishonest, I fully expect they will go after the provider.  There is always a possibility if TMHP didn’t review and it did not meet the coverage criteria, they will try to recoup from the provider as well.  They expect these audits to be complete in 6-12 months and they have already started.
  11. By using Dental Managed Care Payers, these organizations have experience in other states and they have ideas on how to reduce Fraud & Abuse (F&A).  They think by using someone with experience to review and process these claims will reduce F&A.
  12. On the federal level, in 2010 the Office of Audit Services contacted Texas inquiring about Orthodontic billing and providers.  So the federal government has taken notice of Texas, and since they provide funding to the Medicaid program, Texas has to respond to the concerns.
  13. No recruiting clients in parking lots….…this seems to be an issue.
  14. The HHSC office admitted the policies were such that it didn’t catch issues and the department processing was not staffed properly.
  15. I would expect a tremendous increase in audits and policy changes.
  16. Texas spent as much as 49 other states total from 9/1/08-5/28/11 on Orthodontic services.  After the rates increased in 2008 by 50-100%, an additional 500,000 kids were seen for checkups compared with previous years.
  17. The committee suggested HHSC do a Cost Benefit Analysis on providing orthodontic care to children and if that prevented excessive spending later if it were not done.

Now, what should you do?  I strongly recommend the following and sometimes it is good to get an outside consultant to review because of objectivity and the familiarity with issues being identified.

  1. Make sure you have HIPAA policies in place that are applicable to your business.
  2. Assess whether you need a healthcare compliance program now (because you were required in 2007) or, if not, make a plan to get this done.
  3. Items 1 and 2 are vital if you are investigated now, even if not required.  Corporate culture is the first question the government asks.
  4. A sample audit of claims.  This is critical because you need to assess your risk as a company.  Assess the documentation versus coverage criteria.
  5. If audited, NEVER just cut a check for the overpayment requested!  Why, you ask?  The payer sees this as admission of guilt and if they haven’t extrapolated already they are more likely to do so.  This is not a good surprise to get in the mail 6-12-14 months later!!  I have seen this happen.  Get a consultant and attorney and prepare a defense.  It will be less expensive to do when you get the audit than after the appeal process has started.

We work with several dental practices and the goal is to educate providers so they reduce risk and pass audits.  We also work with Looper, Reed, and McGraw LP, a law firm with attorneys that specialize in dental practices.  We work as a team with our practice and emphasize “proactive” operations.  We will be happy to schedule

Angela Miller of Medical Auditing Solutions LLC has been in health care compliance, auditing, billing, collections and HIPAA for over 18 years.  Ms. Miller has made it the focus of the business to help providers run their businesses efficiently, collect money, and maintain compliance with federal and state regulations and coverage criteria through compliance program development, management and training.  Ms. Miller is very experienced with Medicare & Payer audits.  Ms. Miller ran a very successful compliance program for over 5 years for the largest privately held HME/Pharmacy provider in the US at the time.  Ms. Miller also works as a contract compliance officer to provide an avenue to compliance training to staff, implementation of policies, as well as handling anything that affects cash flow from the initial intake to back-end collections. You can visit our website at Medical Auditing Solutions LLC.

Training for Compliance & HIPAA Privacy and Security


Medical Auditing Solutions LLC launched the Compliance University in September 2011 and is pleased to announce that for 6 of the programs we have received Continuing Education Credits from the Texas Occupational Therapist Association (TOTA) (15 hours), Texas Board of Professional Counselors (6 hours minimum), and BOC USA (9.5 hours).

What are you waiting for?  You have to train staff annually on compliance program requirements, fraud and abuse, billing, privacy and security. You have to be able to prove this training was given.  Does your staff have time to develop, track and update?  Did you know the OIG is auditing for these policies, training, sanction checks, and more in 2013 for providers with $5M in annual collections from Medicaid programs?  Did you know that OCR is auditing all types and sizes of healthcare providers for HIPAA privacy and security in 2012 and years to come?  Did you know the state inspector generals and health and human services will be auditing for these policies as well?  We can help you with all aspects of your compliance and HIPAA programs.

These requirements apply to all healthcare providers, DME, home health, physicians, and dental providers.  The size of your business does not matter for HIPAA.  As of February 2013, Compliance applies to all as well.


ZPIC Audits What We’ve Learned from 2011 and other Audit Risks Webinar


Edward Vishnevetsky, healthcare attorney with Munsch Hardt has asked Angela Miller to join him as a guest speaker during his presentation next Thursday, February 9, noon-1pm CST.  Audits are inevitable at this point, so better be prepared and proactive for the audits that are coming.  Join us as we discuss ZPIC audits and other audits you can expect in 2012, such as HIPAA, OCR, Medicaid RAC, Commercial audit expansion. Also learn how best to prepare and prevent  adverse outcomes.

You are Invited to Join our Complimentary Medicare ZPIC Audit Webinar

Featuring Topics on:

Changes to Medicare ZPIC and RAC Audits
The Office of the Inspector General’s (OIG) take on Audits in 2012 based on the 2012 OIG Work Plan
Which HCPCS codes may be most vulnerable and subject to scrutiny
How DME suppliers can work with physicians, hospitals and manufacturers to assist in responding to audits
Tips on how to effectively respond to audits (based on lessons learned in 2011)
Other Audit Risk and Prevention

Presentation Given By:

Edward Vishnevetsky

Attorney at Munsch Hardt Kopf & Harr, P.C.

Featuring Guest Speaker:

Angela Miller

President of Medical Auditing Solutions LLC

Date: Thursday, February 9th, 2012

Time: 12:00-1:00 PM CST

Cost: Complimentary

To reserve your Webinar seat, please click here.

After registering you will receive a confirmation email containing information about joining the Webinar.

If you have any questions, please contact Ashley Thomas.

Edward Vishnevetsky has successfully defended over 40 physicians, DME providers and HHAs against ZPIC, CERT, MAC and RAC Audits; achieved 100% success rate in removing providers from pre-payment audit.  Successfully defended over 100 providers through all stages of Medicare appeals, including the Administrative Law Judge (ALJ) level.  Read more at Munsch-Vishnevetsky


HITECH Compliance & Implementation Tips Happy Hour


Starts: Wednesday October 27, 2010, 05:30PM CDT
Ends: Wednesday October 27, 2010, 07:00PM CDT
Event Type: Conference
Location: BlackFinn
4440 Beltline Rd
Addison, TX  US
Intended for: Physicians, Office Managers, Information Technology Managers, Privacy Officers, Health Care Attorneys, Owners, Upper Management, Senior Level Management
Industry: hospital, physician, dental, pharmacy, DME, home health care
RSVP: kpearson@marjencapital.com or angela@medicalauditingsolutions.com
Organization: Marjen Technology Group & Medical Auditing Solutions LLC

This event is exclusively for health care providers and health care attorneys due to the content of the program. Please RSVP as seating is limited to 35.

HIPAA HITECH Happy Hour Drink Coupons & Appetizers Provided

We will provide a short presentation on new HITECH HIPAA highlights 6:00pm-6:30pm allowing time for Q&A

Topics:  Meaningful Use, What is Encrypted, and Tips to encryption without breaking the bank

Speakers:   Karen Pearson & Raj Croager Marjen Technology Group

Angela Miller Medical Auditing Solutions LLC

There will be prizes worth showing up for such as a new WatchGuard firewall that protects PHI before it leaves and Consulting Certificates.

MARJEN Technology Group is a privately held technology services company located in Arlington, Texas, bringing over two decades of experience to Dallas/Fort Worth area businesses.  Our mission is to bring enterprise class technology and services, at affordable prices, to small and medium size businesses.


HIPAA Privacy Settlement – $1 Million


With all the new enforcement efforts for privacy violations, better read this and take note.  If you are not sure you are HIPAA compliant, MAS can provide security as well as chart and process assessment to help you.  This article is so important; I couldn’t find the short link, so I recopied it exactly, with all of Ms. Stamer’s contact information as well.

Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case As Office of Civil Rights Proposes Tighter HIPAA Privacy & Security Regulations

August 4, 2010 (Cynthia Marcotte Stamer)

Stay Tuned To Solutions Law Press For More Details

One of the nation’s largest drug store chains, Rite Aid Corporation and its 40 affiliated entities (Rite Aid) will pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.  The U.S. Department of Health and Human Services (HHS) Office of Civil Rights announcement of the HIPAA resolution agreement with Rite Aid and the concurrent negotiation of a separate consent order of potential FTC Act violations between Rite Aid and the Federal Trade Commission (FTC) follows HHS’ announcement of proposed changes to its HIPAA Privacy Rules and associated penalties in response to changes enacted under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act).  The Rite Aid settlement and the proposed Privacy Rule changes illustrate the growing penalty risks that health care providers, health plans, healthcare clearinghouses and their business associates (Covered Entities) face for violating the Privacy Rules.

Rite Aid Resolution Agreement

The Rite Aid resolution agreements settle charges that Rite Aid failed to appropriately safeguard the privacy of its customers when disposing of identifying information on pill bottle labels and other health information. The settlements apply to all of Rite Aid’s nearly 4,800 retail pharmacies and follow an extensive joint investigation by the HHS Office for Civil Rights (OCR) and the FTC.

OCR opened its investigation of Rite Aid after television media videotaped incidents in which pharmacies were shown to have disposed of prescriptions and labeled pill bottles containing individuals’ identifiable information in industrial trash containers that were accessible to the public in a variety of Rite Aid locations in cities across the United States.  OCR and FTC previously settled a similar case involving the national drug store chain CVS in February 2009.

The HIPAA Privacy Rule requires covered entities to safeguard the privacy of patient information and other “protected health information” including during its disposal.  In addition to the detailed requirements for protection and safeguarding of protected health information and electronic protected health information under the Privacy Rules, breach notification rules added to HIPAA under the HITECH Act also generally require that Covered Entities investigate and provide timely notification of breach to patients, OCR and in some cases the media when “unsecured protected health information” is breached.  Meanwhile, the FTC Act and associated regulations require those retailers and certain other parties receiving personal financial information to comply with certain requirements for the protection and use of that information and to provide certain notifications of their privacy policies for protecting personal financial information.

The joint OCR and the FTC investigations raised concerns that:

  • Rite Aid failed to implement adequate policies and procedures to appropriately safeguard patient information during the disposal process;
  • Rite Aid failed to adequately train employees on how to dispose of such information properly; and
  • Rite Aid did not maintain a sanctions policy for members of its workforce who failed to properly dispose of patient information.

Under the HHS resolution agreement, Rite Aid agreed to pay a $1 million resolution amount to HHS and must implement a strong corrective action program under which Rite Aid agreed to:

  • Revise and distribute its policies and procedures regarding disposal of protected health information and sanctioning workers who do not follow them;
  • Train workforce members on these new requirements;
  • Conduct internal monitoring; and
  • Engage a qualified, independent third-party assessor to conduct compliance reviews and render reports to HHS.

In addition, under its FTC consent order, Rite Aid separately agreed to external, independent assessments of its pharmacy stores’ compliance with the FTC consent order.

The HHS corrective action plan will be in place for three years; the FTC order will be in place for 20 years.

Proposed Privacy Rule Changes

The Rite Aid resolution agreement and consent order follows the July 8, 2010 publication by OCR of proposed changes to its existing HIPAA Privacy, Security, and Enforcement Rules in response to amendments enacted under the HITECH Act. Because of the lead time required to implement needed changes in policies, technology and training, Covered Entities need to begin preparations to adjust their health information privacy and data security policies and practices in anticipation of the finalization and implementation of these rules as well as to act quickly to submit their comments about the proposed changes.

The more than 220 page Notice of Proposed Rulemaking (NPRM) proposes to revise the existing Standards for Privacy of Individually Identifiable Health Information (Privacy Rule); the Security Standards for the Protection of Electronic Protected Health Information (Security Rule); and the rules pertaining to Compliance and Investigations, Imposition of Civil Money Penalties, and Procedures for Hearings (Enforcement Rule) issued under HIPAA.

The author of this update, attorney Cynthia Marcotte Stamer, has extensive experience advising and assisting health care providers and other health industry clients with HIPAA and other privacy and data security, reimbursement, compliance, public policy, regulatory, staffing, and other operations and risk management matters. Ms. Stamer also regularly conducts training on HIPAA and other health industry compliance, management and operations matters.  You can get more information about her health industry experience here.  If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872  or via e-mail here.  You may link to her on Plaxo and Linkedin as well where she posts her articles.

Security Tips to help with HITECH Compliance


Here are some tips for added security, but this is not a substitute for using an IT person, who is familiar with HITECH/Red Flag Regulations.  Remember, encryption prevents the need to report disclosures to HHS and avoids penalties.  These are not the only solutions, so no matter what it is crucial to find encryption solutions.  These are the ones I have implemented although I rarely have more than a patient name in reports and do not have more than a patient name or account number in audit reports. 

Prior to starting any process and for your business sanity, ensure you have a current backup of your system.  Remember, onsite backup should have enough “disks” to rotate for several weeks.  Also they do need to be replaced periodically because they can fail after they have been used repeatedly.  There are many free or inexpensive options for offsite and automatic backups including Carbonite, Mozy, Amazon S3, Rackspace and others.  The Jungledisk interface which backs up to Amazon’s S3 or Rackspace is an automatic backup that is thoughtless and has saved my butt many times. These also permit you a second “drive” that can function as a network drive if you need to work on a document while you are away from your office; although you do need internet access.

Security software can be vastly expensive and still not catch viruses.  I use AVG for small business which is about $50/year.  AVG has a firewall plus I have a network firewall.  If you use a wireless network, make sure your settings are the highest or newest released, as of the moment that will be WPA2. I changed my own settings so it is relatively easy.  I have had great luck with AVG from a protection standpoint.  This does not bog down my system so I have to push molasses up hill.  The processing speed is barely impacted.

TrueCrypt is a hard drive encryption program that is free for home and small businesses.  The company price is very inexpensive!  It has 256-bit encryption and most banks use 128-bit so should be good protection.  This is pretty simple, although I would recommend using the IT specialist I mentioned.  Now, you will have to consider whether to encrypt the entire drive or part of the drive; it will impact processing speed.  If you have an extensive number of employees I would recommend the entire drive because you cannot ensure they will save documents with PHI in the encrypted drive.  You will also need a 20+ digit password for each computer that can be remembered.

The browser Firefox has 256-bit encryption while Internet Explorer has 128-bit encryption.  Firefox is a little different but not terribly noticeable and now it is all I use.  Firefox is also a free browser.

MyFax is an “internet” fax that will send you notifications via email.  Their faxes are PGP encrypted; however, what I learned was you need to receive an email notification, log in to your account, and download the file direct to your computer.  If it comes as an attachment to your email then the PGP encryption is void.  The cost is about $10/month for home or small business, but the corporate account is not expensive.

CutePDF Professional costs about $50.00.  You can print documents to PDF (this is in the free version), but if you need to send that document to your consultant or CPA the professional version allows for password protection as well.  You would not put the password in the same package as the CD or in the same email.  It will allow you to open a PDF and make a text box for notes that will print out.  So you do not have to recreate the information then add notes in another tool.  This may be more depending on the number of licenses you need.

When printing and saving reports from your billing system, you can export to Excel or a similar file, leave the patient account number or patient name only but take out address and other identifying information that will identify 1 specific person.  These will be HIPAA compliant if all Patient specific information is removed.
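
One way to apply the report-scrubbing step above, shown as an added example that is not part of the original post: keep only an allowlist of columns from the billing export, then redact anything in the kept columns that still looks like a phone number, SSN, email address or date. The column names and sample rows are constructed for illustration and do not come from any real billing system.

```python
import csv
import io
import re

# Constructed sample export (assumed column names, fictional patients).
SAMPLE_EXPORT = (
    "account_number,patient_name,address,dob,phone,procedure_code,billed_amount,notes\n"
    "A1001,Jane Doe,12 Elm St Dallas TX,01/02/1980,214-555-0101,D8080,1200.00,"
    "Called pt at 214-555-0101 re balance\n"
    "A1002,John Roe,9 Oak Ave Plano TX,03/04/1975,972-555-0199,D8670,150.00,Paid in full\n"
    "A1003,Ann Poe,4 Pine Rd Irving TX,05/06/1990,469-555-0123,D8670,150.00,"
    "SSN on file 123-45-6789\n"
)

# Allowlist: any column not named here is dropped, including columns that
# appear in a future export that nobody has reviewed yet.
KEEP_COLUMNS = ("account_number", "procedure_code", "billed_amount", "notes")

# Patterns for identifiers that tend to leak into free-text fields.
RESIDUAL_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "date": re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b"),
}


def scrub_export(csv_text, keep=KEEP_COLUMNS):
    """Return (scrubbed_csv, dropped_columns, findings).

    findings is a list of (line_number, column, pattern_name) for every
    kept cell in which a residual identifier was found and redacted.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    header = reader.fieldnames or []
    missing = [c for c in keep if c not in header]
    if missing:
        raise ValueError("export is missing expected columns: %s" % missing)
    dropped = [c for c in header if c not in keep]

    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(keep), lineterminator="\n")
    writer.writeheader()

    findings = []
    # Line 1 is the header, so data rows start at line 2.
    for line_no, row in enumerate(reader, start=2):
        clean = {}
        for col in keep:
            value = row[col] or ""
            for name, pattern in RESIDUAL_PATTERNS.items():
                value, hits = pattern.subn("[REDACTED-%s]" % name.upper(), value)
                if hits:
                    findings.append((line_no, col, name))
            clean[col] = value
        writer.writerow(clean)
    return out.getvalue(), dropped, findings


if __name__ == "__main__":
    scrubbed, dropped, findings = scrub_export(SAMPLE_EXPORT)
    print(scrubbed)
    print("dropped columns:", dropped)
    for line_no, col, name in findings:
        print("line %d: redacted %s in column %r" % (line_no, name, col))
```

The findings list is worth reviewing before the file leaves the office: a redaction in a notes field means staff are typing identifiers into free text, which pattern matching will not always catch.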

Ensure staff understands they cannot place PHI or patient financial information in an email.  Having an email encryption program may not be the solution right now because if you use, for example, PGP email encryption the receiver of the email must have the same email encryption program and the key code (password if you will).  This may be problematic for a while.  So this is why I want to give you some other options.  One such option is Hushmail, which is a 1028bit online e-mail service, where your e-mail never leaves their servers, and so remains encrypted end to end.  But both sender and receiver have to have accounts (though they do have a free option, you must use it regularly though).

I understand processes, but for the inner workings of IT I utilize experts.  I am not affiliated with nor promote any specific product; these are only suggestions.  I hope you will subscribe to my blog as well as provide comments.  I use this to broadcast updates and tips to help you run your business.  If you need help with your IT network solutions, here is a contact that works on my office equipment and they can work with clients nationally.  A big thank you to Glenn for helping me with the correct lingo!

Glenn Kimball, GWK Technologies


Social Media Security and Privacy


Social Media sites are becoming a way of communicating with the world.  Remember, no matter what social media site you are using, whether it is an instant message, website profile, social network or Skype or similar sites, your communication can be viewed or intercepted.  If you have any of these social media profiles, do not publish your address, DOB, or any other information that could be used to steal your identity, break into your home, stalk you or your children.  Use the incorporation date of your business or a combination of information and choose not to publish your address and DOB.  Ensure you obtain your free annual credit report to review for accuracy.  There are also programs that will monitor your credit activity for potential theft.

Publishing any personal information can lead to not only credit or financial fraud but health care fraud also.  Protect your information.

Remember, this method to communicate with patients is not compliant with HIPAA, HITECH and Red Flag rules if you are exchanging any credit, financial or other personally identifiable information whether health or otherwise.

As a note, you can find us on all Social Media sites: Facebook, Myspace, Linkedin, Plaxo, Twitter.  We do submit blogs through these sites and occasional other notes so you can stay updated through status notifications.


What’s New with HITECH HIPAA Rules?


Are you wondering what in the heck is HITECH and how this impacts your business?  Let’s do a very simple review of the increased accountability and higher penalties.  All existing HIPAA requirements are unchanged; however, if you have not effectively implemented HIPAA policies, training, compliance auditing, and security within your office it is crucial to get busy.  The penalties are as substantial as the penalties associated with billing non-compliance.

With the new HITECH requirements:

  1. The privacy and security requirements and penalties extend to the business associates,
  2. Establishes a mandatory reporting requirement for any breach by covered entities and business associates of unencrypted data,
  3. Creates new privacy requirements for covered entities and the business associates which include accounting requirements for the electronic health records, restrictions on marketing and fundraising activities, and others,
  4. Creates new criminal and civil penalties for non-compliance which are substantially more than in the past,
  5. Establishes a federal audit protocol to ensure compliance; audits are no longer complaint driven.

This means you need to cover your back-side through a proactive HIPAA security & privacy audit.  It will be much cheaper to pay a little up front for protection than be hit with the outrageous penalties plus face criminal and/or civil action.  I have included a short check list for the basics:

  1. Do you have a Privacy Notice of Uses and obtain a Signed Acknowledgement for it?
  2. Do you obtain an Authorization to Release information to spouses or any other party prior to sharing information?
  3. Does each employee have a unique username and password to the EMR or billing system?
  4. If you have a patient portal, how often do you require them to change their username and password?
  5. Are patient files stored in a locked file cabinet or locked room at the end of the day?
  6. Do you obtain business associate agreements for vendors that work with your company?
  7. Do you have annual HIPAA training?
  8. Do you have an annual security audit for all systems access and back-end IT fields?
  9. Do you have annual privacy compliance audits, which are more patient “chart” related?
  10. Are all your programs and network encrypted with the latest or highest encryption possible?

This is a short list of areas for HIPAA Compliance but is not all-inclusive. If you have answered no to any of the above questions, it is very important that you improve those areas to prevent costly penalties. The penalties associated with unauthorized disclosures or breaches of information can be as severe as penalties associated with false/erroneous billing. We can help you get in compliance. You may be doing some of these things but don’t have the policies to back them up. It is important, as with any compliance program, to have written policies and procedures, implement the program, have ongoing training, conduct periodic audits to test policies, and offer options for reporting potential violations or concerns. All of these actions will show best efforts and reduce the risk of exposure becoming criminal, as well as any penalties that may be associated with a breach.


Scope of Services for www.medicalauditingsolutions.com


We thought it would be helpful if in our first blog we explained our SCOPE OF SERVICES for Medical Auditing Solutions LLC. We work with all types of health care providers including Durable Medical Equipment, Respiratory Med Pharmacy, Sleep Labs, Home Health Agencies, Small Physician Practices and Hospital Systems. Our clients' revenues vary tremendously, from $2M to well over $100M annually. Our focus is to help you manage your business by giving you problem-solving direction, although we can perform the hands-on work as well.

  • Compliance/HIPAA Audits
    • Review patient charts to ensure compliance with billing and regulatory requirements and exit with management to discuss any areas of weakness with a written report to follow
    • All improve collections and efficiency
  • Compliance Program Development and Training
    • We can review your existing program and provide updates
  • Due Diligence Audits
    • Review patient charts as above and provide general feedback on branch, personnel, location, etc.
    • See Compliance Audits
  • Investigations including audits, interviews, etc. in coordination with your attorney, if applicable
  • Medical Accounts Receivable Analysis for Improved Collections
    • Review a sample of writes for accuracy and potential recovery
  • Medical Accounts Receivable Aging claim filings and staff education
  • Regulatory Affairs Filings To Do Business (NPI, licensing, permits, DBA’s, Certificates of Authority, provider/supplier applications)
    • Handle all filings, follow-up and renewals
  • Assess Medical staff knowledge and positions
  • Assess overall location
  • Assist with Health Care Accreditation, HR, and Operations
  • Work with the business to improve overall efficiency and profits
  • Practice Management and Quality of Care Auditing
    • Other healthcare consulting as needed (see website)

Monthly Availability via a retainer at competitive rates customized for your needs and the time period needed.