Author Archives: Blog HIPAA

Surprise Bill Obligations

NYS and other states have implemented regulations referred to as “Surprise Bill Regulations” to address a consumer demand for transparency as to healthcare providers participation in health plans. Simply put, providers, all providers, are required to post what health plans they are contracted with and participating, advise patients what their economic exposure is if they are not par with a patient’s plan, and refer to other providers also in a patient’s plan.

While it sounds like a lot of extra work it’s a good exercise, even if you were not required to do so. Post the plans in your office, post them on your website, and provide a written notice, for patient signature acknowledging the patient’s responsibly – economically, if you are out of network.

In reality its not that hard, and compliance should not be a material burden. You and your staff after all, should be well aware of the plans and products that you do participate with. If not, confirming which you are in, and which you are out. Getting clear the plans you par with will improve your receivables management.

You can simplify your referrals by assuring your usual labs and other ancillaries are par with the plans you par with as well. As for your referrals to other physicians, build yourself a matrix of your frequent referral receivers and the plans they claim on their websites that they par with. In doing so, you actually are meeting a contract obligiaotn of every health plan you par with, which has always required you to restrict your referrals to other par providers. Some payers have been terminating physicians that routinely refer to non-par physicians/providers as their prune their networks. So, think of this effort as self-protection of your participation.

As you check on the participation status of your usual receivers of referrals, don’t fall into the trap of accepting “we take all insurances”, or well take all your patients, and your patients will never be billed. This may mean that what that provider is doing, and this technique is rampant with non-par labs, is they will bill the insurance of the patient, even if they are not par, and then write off the balance of the bill not paid. While it may seem like they are doing your patient a favor, and making it easy to keep referring to them, they are setting you up to take the fall for referral to a non-participating provider. Data analytics of any payer will identify you as the source of these out-of-network referrals, which often come at extraordinary charges. For non-physicians that you refer to, labs, physician therapy, and the like, ask them for a list on their letterhead of the plans that they are contracted with – this is your get out of jail card if a payer take issue with your referrals.

The entire exercise, keeping care within the patient’s plan network is good for the satisfaction of your patients. Nothing negatively impacts a patient’s relationship with a physician than a physician that puts them in economic harm’s way by referring them to a non-par physician exposing them to costs not covered by their insurance.

If you have to break a long-standing referral relationship because that provider is not par with the plans you participate with, you are doing so to protect your patients. Few physicians want to add hurt to illness by adding a financial burden on top of the burden of illness.

Author Bio:
Alex Tate has been part of the healthcare Industry for over 6 years. He has been writing and analyzing content pertaining to healthcare. His particular specialty is regarding his research and works regarding specialized EHR. Specifically Oncology EHR.  His belief in technology, compliance and cost reduction have opened new horizons for people in the health care industry. 


What is required for HIPAA Compliance?

What is required for HIPAA Compliance? Here’s a Checklist!

Lots of our visitors ask us “what is required for HIPAA compliance?” Because this is such an important question, we try to direct our visitors to the most trusted sources for HIPAA education. The most important aspect to remember is that a checklist based “solution” is my no means affective. What we do endorse is the ability to use a checklist to understand what aspect of HIPAA you are doing, and to recognize ones you may have looked over or need to address in further detail. We recommend taking a look at Compliancy Group who has two resources for your organization, whether you’re a Covered Entity or a Business Associate. First, we recommend reading and downloading their HIPAA compliance checklist. Or you can register for their HIPAA compliance checklist webinar!

Some of the key findings in the checklist highlight Business Associate Agreements, and also help point out the need for more than just a security risk assessment. As many are familiar with there is a need for HIPAA training, but we do appreciate how it points out the need for documentation of training and other attestations.


Please let us know any other resources you are looking for and questions you may have in regards to HIPAA compliance, and we would be happy to help!




Do you know your Business Associates?

Knowing who is a Business Associate can be difficult and confusing for Covered Entities. Through our surveys of the market BlogHIPAA has identified that most Covered Entities need help identifying their Business Associates, and do not understand how to confidently audit and determine if they are in compliance with HIPAA. We believe this webinar will be helpful in showcasing everything you need to know to help determine these issues in your practice and business . We have included a link below to register for this event.

Register Here.





Infographic: HIPAA Do’s and Don’ts

Violating HIPAA regulation is a serious offense, but the problem that many health care professionals face is the confusion surrounding exactly what’s required to be compliant.

Below, we’ve compiled a short list for you to reference when deciding if your health care operations comply with HIPAA regulatory requirements.

For more information about HIPAA, check out our in-depth write-up here.




Benefits of mHealth: The Physician Perspective

As a physician, you’re used to the feeling of having your attention pulled in several directions at once. Many days, it can seem as if you just don’t have enough time to see enough patients, run all the tests you’d like, or even communicate with your staff. That’s why so many doctors and healthcare workers welcome the mobile health (or mHealth) revolution. The ability to communicate through text message is an easy way to keep everyone connected. It’s a great option to remind patients of their upcoming appointments without a phone call or to get their prescription filled without having to make a visit. mHealth is also creating stronger connectivity and collaboration for medical research, and since almost everyone in the healthcare industry carries a cellphone, it’s the fastest way to send a message to staff.

If you haven’t yet considered implementing mobile health within your medical facility, now is a good time to start, if only to make communication with patients and staff much more convenient. As mHealth becomes a hallmark of modern-day clinics, yours included, just ensure you keep it aboveboard in terms of HIPAA regulations (more on that later).

Here are three major benefits of the mHealth movement.

Better Access and Alerts for Patients

As little as 10 years ago, if patients wanted to see a physician for even the smallest ailment, they had to make an appointment over the phone and then possibly wait weeks for a diagnosis or prescription. While some clinics still take this approach, the more modern facilities are beginning to use mHealth to help get rid of the pain points that might keep patients from even making an appointment. If it’s too much of a hassle to make the trip to the clinic, then individuals could simply choose to neglect their health; mHealth is looking to change that.

Since almost everyone these days owns a mobile device and many more rely on texting as their main form of communication (over phone calls), it makes sense for physicians and healthcare workers to turn to texting as a way to reach out to their patients. Currently, practitioners use text messages to remind individuals of their appointments, inform them of important vaccinations, and even fill prescriptions. An article at Ausmed also notes that texting can help with HIV patients adhering to their ART medication, as well as providing support for people who are trying to quit smoking.

Another huge benefit of mHealth is the ability to send targeted alerts to patients. An article at HIMSS points out, in particular, that teenagers, with their busy schedules, can miss appointments and ignore phone calls. Yet, by using mobile alerts, there’s a much higher likelihood that they will read and reply to these messages. Since teens are leading the pack when it comes to communicating via text more than any other form of communication, it’s up to the healthcare industry to connect with them through that highly effective avenue.

The HIMSS article adds that text message alerts can also help as reminders to take care of one’s health with mobile tips. Whether the industry uses them as an alert or reminder to check blood sugar, keep up with a workout regimen, or get screened for STDs, mHealth can help physicians and healthcare workers connect more closely with teenagers and encourage them to stay more aware of their health.

Communication With Staff

Physicians and staff who have worked in the industry for many years undoubtedly carried a pager with them at some point in their careers. These days, smartphones have replaced that obsolete technology, so why not upgrade your methods of communication, too?

A piece at HIT Consultant includes the remarkable statistic that about nine in 10 physicians under age 35 own a smartphone and that texting is as second nature to them on the job as it is outside of work. “In many cases they use them to text with other MDs such as consulting physicians, subspecialists and hospitalists,” says the piece. There’s also the fact that texting’s quick receive-and-response rate can help boost productivity, as well as enable physicians to make faster decisions and receive medical information wherever they are.

Using mHealth to get in touch with staff at any time, or to send something like a group alert for an upcoming meeting, is making it much easier to keep in touch with other physicians, nurses, or specialists, as well as opening up a channel to share advice and knowledge, as needed. Rather than keeping physicians sequestered in their offices, texting is allowing communication to reignite among healthcare staff whether you’re down the hall or six floors away.

Clinical Research

Another area of the healthcare industry that’s seeing the benefits of mHealth is medical research and clinical trials. As with doctor’s appointments, individuals would have to physically arrive at a facility for monitoring and medical testing or trials. Now, texting is allowing patients to record their results and stay in contact with healthcare staff as they go through the phases of the clinical trials.

There’s even the ability to use texting as a form of outreach to find new participants for a study. The HIMSS piece touches on this and includes some use cases such as “personalized messages about compliance, dosing, collecting electronic patient recorded outcomes (ePRO) data or in the delivery of incentives for study participation.” Again, if physicians and medical staff want to better engage with a younger demographic, they need to do so through channels that teens and young adults use the most—that includes texting.

Keep HIPAA in Mind

However you choose to take advantage of mHealth’s benefits, remember that you always need to ensure your methods are HIPAA-compliant. That means you need to know that if you send medical records or electronic protected health information (ePHI) over text, you need to do it on a secure network and only if there’s no possibility a third party can intercept or read it. Failure to take necessary precautions could mean a breach of HIPAA and a hefty fine, as well as damage to a clinic or physician’s professional reputation. If you don’t document context, consideration, and patient consent, you’re in willful neglect and quite possibly assessed up to $50,000 for each text message.

Be sure you’re informed on how to text and remain HIPAA-compliant, the answer to “to text or not to text ePHI,” and the best method for texting ePHI. (Hint: It’s not through regular SMS). It may sound like a complicated undertaking, but there’s no leeway when it comes to ensuring that the privacy of your patients remains intact.

Has your clinic begun using mHealth in the workplace? Have you taken the necessary precautions for HIPAA compliance? Tell us how it’s going in the comments.


Contributed By: LuxSci founder Erik Kangas has an impressive mix of academic research and software architecture expertise, including: undergraduate degree from Case Western Reserve University in physics and mathematics, PhD from MIT in computational biophysics, senior software engineer at Akamai Technologies, and visiting professor in physics at MIT. Chief architect and developer at LuxSci since 1999, Erik focuses on elegant, efficient, and robust solutions for scalable email and web hosting services, with a primary focus on Internet security. Lecturing nationally and internationally, Erik also serves as technical advisor to Mediprocity, which specializes in mobile-centric, secure HIPAA-compliant messaging. When he takes a break from LuxSci, Erik can be found gleefully pursuing endurance sports, having completed a full Ironman triathlon and numerous marathons and half Ironman triathlons.