
A Quick Guide to Healthcare Compliance and Medical Billing

Crystal Stanton
February 25, 2025

The importance of high-quality healthcare can’t be overstated, which is why numerous policies, regulations, and rules govern the industry. These policies extend to every area of healthcare delivery, from medical practice management to patient care to revenue cycle management.

Though most professionals focus on healthcare compliance in care delivery and data privacy, medical billing also has regulations that must be followed. Let’s take a closer look at how medical compliance interacts with healthcare billing and payments.

Please note that the information here is provided for educational purposes only and should not be construed as providing legal advice.

Understanding Healthcare Compliance

Healthcare compliance refers to the legal, ethical, and professional rules for healthcare organizations and providers to protect patients, improve the quality of care, and ensure a trustworthy healthcare system. The rules and regulations governing healthcare compliance act as a code of conduct that drives accountability and protects the healthcare provider’s integrity.

Although there are plenty of healthcare compliance processes, here are the major regulations you should be aware of:

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) governs federal standards for safeguarding patients’ Protected Health Information (PHI). It also ensures the confidentiality, integrity, and availability of PHI created, maintained, processed, transmitted, or received electronically (ePHI).

HIPAA provides healthcare patients with the right to request:

  • Privacy protections for PHI
  • An accounting of disclosures, which allows patients to check that healthcare providers are disclosing PHI in compliance with HIPAA
  • Copies of health and payment information
  • Amendments where errors exist in their health and payment information

This regulation also states that healthcare organizations and providers must inform patients that they will be notified if there is a data breach. This notification must include the contact information of a Privacy Officer, who is responsible for receiving and resolving HIPAA-related complaints.

HITECH Act

The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law to promote the adoption and meaningful use of health information technology. From a compliance standpoint, this act also addresses privacy and security concerns associated with electronic transmission of health information.

Additionally, the HITECH Act expands on HIPAA’s privacy and security regulations. For example, the original rules did not enforce the obligation for business associates of HIPAA-covered entities to comply with HIPAA. The HITECH Act applied the HIPAA Security and Privacy Rules directly to business associates, making them liable for HIPAA compliance. It also increased penalties for failure to comply with HIPAA.

Fraud and Abuse Laws

There are five main Federal fraud and abuse laws that apply to healthcare organizations and physicians. These are:

  • The False Claims Act (FCA). This act makes it illegal to submit claims for payment to Medicare or Medicaid that you know or should know are false or fraudulent. It also contains a whistleblower provision that allows a private individual to file a lawsuit on behalf of the United States.
  • The Anti-Kickback Statute (AKS). This law prohibits medical businesses and organizations from offering rewards in exchange for patients or referrals. The AKS outlines penalties for both the payers of the rewards and the recipients of the rewards.
  • The Physician Self-Referral Law (Stark Law). This law prohibits medical providers and physicians from referring patients to receive health services payable by Medicare or Medicaid from entities with which the physician or an immediate family member has a financial relationship. These include both ownership/investment interests and compensation arrangements.
  • The Exclusion Authorities. The Department of Health & Human Services Office of Inspector General (OIG) is required to exclude individuals and entities convicted of certain types of criminal offenses from participating in all federal healthcare programs. In particular, excluded physicians may not bill Medicare and Medicaid patients for treatment.
  • The Civil Monetary Penalties Law (CMPL). OIG is authorized to seek monetary penalties and exclusion based on the type of violation at issue. For example, if your healthcare organization violates the AKS, the OIG may seek civil monetary penalties from your organization.

Violating any of the rules and regulations discussed in this article can result in criminal penalties, fines, exclusion from Federal healthcare programs, or loss of medical license from your State medical board.

The Role of Compliance in Medical Billing

From a billing standpoint, medical compliance ensures that providers and healthcare organizations engage in ethical and accurate billing practices. Here are a few common compliance pitfalls that your healthcare practice or organization may come across:

  • Inaccurate coding. This includes billing for a higher level of service than was actually provided (upcoding), billing for a lower level of service than was actually provided (downcoding), and incorrect modifier usage.
  • Insufficient documentation. Especially when just starting, medical practices and organizations may not maintain sufficient documentation to support the services they’re billing. This can lead to denials and audits.
  • Incomplete patient records. Healthcare organizations may fail to obtain or include crucial information in patient records, leading to billing errors. Additionally, they may fail to verify a patient’s insurance eligibility.

Aside from compliance-related issues, you may also face challenges such as poor claims management, inconsistent data governance, and ineffective technology usage. All of these problems combined make it more difficult for your organization to comply with healthcare regulations.

Best Practices for Ensuring Compliance in Medical Billing

Although healthcare compliance in medical billing can be intimidating for physicians and healthcare organizations, there are ways to mitigate any compliance issues and ensure that your processes follow the set regulations. Here are a few best practices your organization should follow:

  • Staff training and education. To ensure professional conduct in the workplace, offer staff training sessions to go over medical regulations and compliance. For staff members dealing specifically with billing, such as front office staff or dedicated medical billers, include training courses that review common issues and the correct, compliant billing processes.
  • Implement compliant policies. Don’t rely on your staff members’ knowledge of healthcare regulations—also implement dedicated compliance programs and policies, baking these rules directly into your organization’s processes. That way, staff members will follow legal rules simply by obeying your medical organization’s policies.
  • Utilization of technology. Use tech tools that comply with HIPAA and the HITECH Act, ensuring your patients’ data is safe. Plus, with the right solution, you’ll have an easier time tracking services rendered and billing processes, making it easier to acquire the right payment in a timely manner. If you’re looking for a medical billing solution to augment your tech stack, check out PracticeSuite’s guide to top providers.

Additionally, continuously monitor any regulatory changes and keep your policies up-to-date. By doing so, you’ll never be caught off guard by new regulations and will always be prepared to adjust your processes accordingly.

Ultimately, healthcare compliance in medical billing breaks down into two main aspects: billing accuracy and data privacy. As you look into making adjustments for a more compliant medical billing process, keep these two aspects in mind to ensure your organization stays compliant with medical regulations, protecting you from any legal issues.