Expert: Check Your Biller’s Security
The recent dumping by a billing firm of paper pathology records at a recycling station in Massachusetts is a wake-up call to the industry, according to a billing veteran. "You need a concerted effort to make sure this doesn’t happen to you," says Holly Lourie, R.N., corporate compliance officer at Practice Management Inc., a third-party medical billing company in Boise, Idaho.
The recent dumping by a billing firm of paper pathology records at a recycling station in Massachusetts is a wake-up call to the industry, according to a billing veteran. "You need a concerted effort to make sure this doesn't happen to you," says Holly Lourie, R.N., corporate compliance officer at Practice Management Inc., a third-party medical billing company in Boise, Idaho.
The records in Massachusetts were dumped by the former owner of a billing company that recently sold the firm. The new owner decided to retain only records from 2010 (see story).
There's always patient data in motion somewhere--and a lot of that data resides in billing firms. The Massachusetts incident should open providers' eyes to the need for a good chain of custody, Lourie says. But providers often don't know much about their billing firm, she adds. "What do you know about them besides their sales job? Do they have a documented risk assessment and compliance plan? Do they have visible safeguards at the office? Do they drive around in a car with records in the seat? Do they give back data that's encrypted?"
Lourie serves as chair of the ethics and compliance committee of the Healthcare Billing & Management Association, which represents about 650 billing firms, primarily larger ones. There's also an association for smaller outfits.
Lourie advises billers join the group appropriate for them. The associations provide security tools and educational resources, plus the experiences of peer organizations to learn from.
Reading and understanding privacy and security regulations is easy, but "trying to maximize success in your internal operations is the challenge," Lourie says. "You have to customize the rules to work in your environment, and that's hard." That's where peer experiences prove to be valuable, she adds.
Security regulations governing business associates and the health data "chain of trust" will be topics covered during Health Data Management's annual conference, running Nov. 14-16 in Chicago. For more information, go to healthdatamanagement.com/conferences/hdm.
--Joseph Goedert
The records in Massachusetts were dumped by the former owner of a billing company that recently sold the firm. The new owner decided to retain only records from 2010 (see story).
There's always patient data in motion somewhere--and a lot of that data resides in billing firms. The Massachusetts incident should open providers' eyes to the need for a good chain of custody, Lourie says. But providers often don't know much about their billing firm, she adds. "What do you know about them besides their sales job? Do they have a documented risk assessment and compliance plan? Do they have visible safeguards at the office? Do they drive around in a car with records in the seat? Do they give back data that's encrypted?"
Lourie serves as chair of the ethics and compliance committee of the Healthcare Billing & Management Association, which represents about 650 billing firms, primarily larger ones. There's also an association for smaller outfits.
Lourie advises billers join the group appropriate for them. The associations provide security tools and educational resources, plus the experiences of peer organizations to learn from.
Reading and understanding privacy and security regulations is easy, but "trying to maximize success in your internal operations is the challenge," Lourie says. "You have to customize the rules to work in your environment, and that's hard." That's where peer experiences prove to be valuable, she adds.
Security regulations governing business associates and the health data "chain of trust" will be topics covered during Health Data Management's annual conference, running Nov. 14-16 in Chicago. For more information, go to healthdatamanagement.com/conferences/hdm.
--Joseph Goedert
More for you
Loading data for hdm_tax_topic #reducing-cost...