Short Topical Paper
HCR 361
There are Medical Billing and Coding risks whether it be by your own company’s medical billing and coding team, or it be by a third-party medical coding and billing team. Our strategic objectives are to show commitment to the community, to always maintain compliance in regulations, be financially stable and compliant along with be achieved, and to ensure protection of data and privacy information such as the PHI. With our new Coding and Billing Vendor, the risks are high when it comes to finances and also data protection and privacy. This is because if we were to get hacked then the hacker could take funds from the accounts but also could steal data information and either sell it to vendors or other risky issues such as ransomware, etc. When it comes to data protection and privacy, the IT department would be consulted heavily in this area due to the IT issues that occur when hacks happen, and the data information and privacy information are digitized.
When it comes to the medical billing and coding risks, there are so many to dive into however, I do believe in the higher risks having to do more with an IT situation than I do in a coding situation. This is because ransomware is, what I call, a sneaky risk that can catch up to you quicker than expected. Now, even though this would be an IT department issue doesn’t mean it can’t quickly become a billing and coding issue. For instance, there are companies who keep credit, debit, and flex card information on file, and this is to help the patient to quickly ask if they (the company) could go ahead and charge their card for their current bill. However, when a hacker is able to successfully hack the billing system, they have a possibility of being able to hack into the “holding system” that stores card information which is why so many companies have also stopped storing card information due to high risks of hackers.
When it comes to privacy data, this could include but not limited to your first/last name, address, IDC-10 codes (diagnosis), phone number, billing information, what tests are being done, medications being prescribed, health information, etc. It all depends on what industry is being hacked such as a lab, private clinic, or pharmacy, etc. However, it is interesting because our personal information is sold to data brokers, so hackers don’t really need to hack a medical facility in order to obtain personal information. I mention that because, yes that is true, however, medical facilities have more information on people such as the patient’s most important information regarding their SSN. When it comes to medical facilities and hacking issues, it can become scary as the data that is collected and sold on the dark web is not only personal but also can have the patient at a major risk of identity theft.
So, in order to ensure safety within our Medical Billing and Coding we would implement reviews within security and data breaching risks, look into the risks and rate the risks within the department, communicate, and even notify our stakeholders and document it. Stakeholders will need to be identified and notified of any issues happening within the company including the medical billing and coding department. We will then review the affiliation agreements with physicians, review the leasing documents, and the acquisition documents to ensure all risks are being reviewed. We will also be reviewing state, local, and federal laws and regulations to ensure compliance. We will also create the appropriate corrective action plans if any issues occur and/or are found while monitoring and auditing.