Are you Extending Credit to your Patients?

If the patient leaves your office after getting a service without paying you in full at that time you are extending credit to that patient and should be aware of the Federal Truth in Lending Laws.

Federal Truth-in-Lending Act

All policies and procedures used in collection must conform with both federal and state law, and any applicable ethical obligations.  At the federal level, physicians who want to extend credit regularly or charge interest may be subject to the Federal Truth-in-Lending Act (the Act) (15 United States Code ’1601 et. seq.).  The rules for the Act are set forth in the Federal Reserve System’s Regulation Z (12 Code of Federal Regulations ’226).

In order to be subject to the Act, four basic conditions must be met: 

  1. Credit must be extended;
  2.  The extension of credit must be done “regularly,” which is defined as more than 25 times per year;
  3.  The credit must be subject to a finance charge or payable by a written agreement in more than four    installments; and
  4.  The credit must be extended primarily for personal, family or household purposes.

Credit extensions by physicians do not usually fulfill all of the four requirements.  Although physicians may extend credit to patients for personal purposes, most physicians do not either extend credit 25 times annually or by written contract payable in four or more installments.  Additionally, excluded from the definition of “finance charge” are “charges for actual unanticipated late payment, for exceeding a credit limit or for a delinquency, default or similar occurrence.”

If an interest payment is charged less than 25 times per year in the unusual cases of delinquency, a physician will probably not be subject to the Act.  If an interest payment is charged on all accounts that remain unpaid within a normal 30-day billing cycle, a physician will probably be subject to the Act.  If there is any doubt, a physician should consult an attorney familiar with this area of law to ensure compliance with the notice and billing requirements of the Act.

Tricia DiBartolomeo joins HBS as a partner.

After nearly three years of working with Healthcare Billing Solutions (HBS), Tricia DiBartolomeo joins Ann Marie Brunk as a partner in the business.

Tricia is very passionate about getting claims paid properly and treating our customers with respect.  She is a person of high integrity and is very conscientious of how work is done. For the past two years she has run the business when I’ve been away and done a phenomenal job.

Tricia’s background includes 15 years of experience in insurance billing as well as working as a dental assistant, having earned the title of Certified Dental Assistant from the Camden County Technical Institute in New Jersey.  Since working for HBS, she has become a member of the American Medical Billers Association and she is studying to take the Certified Medical Reimbursement Specialist exam.

Mobile Phones and Healthcare….. So What’s the Problem??

I am seeing more and more healthcare providers using their mobile phones to communicate via text with patients and while researching found an article related to this practice and the potential HIPAA violations.  Here’s a snippet from that article….

So what’s the problem? 

Unfortunately, traditional SMS messaging is inherently nonsecure and noncompliant with safety and privacy regulations under the Health Information Portability and Accountability Act (HIPAA). Messages containing electronic protected health information (ePHI) can be read by anyone, forwarded to anyone, remain unencrypted on telecommunication providers’ servers, and stay forever on sender’s and receiver’s phones.

In addition, senders cannot authenticate the recipient of SMS messages (ie, senders cannot be certain that the message has been sent to and opened by the right person). Studies’ have shown that 38 percent of people who text—including me—have sent a text message to the wrong person.

As a result, The Joint Commission has effectively banned physicians from using traditional SMS for any communication that contains ePHI data or includes an order for a patient to a hospital or other healthcare setting. A single violation for an unsecured communication can result in a fine of $50,000; repeated violations can lead to $1.5 million in fines in a single year, not to mention the reputational damage done to an organization and its ability to attract patients.

A recent case, for example, resulted in a $50,000 fine to the provider. In addition, the provider was required to “implement security measures sufficient to reduce risks and vulnerabilities to ePHI to a reasonable and appropriate level for ePHI in text messages that are transmitted to or from or stored on a portable device.”

HIPAA‐compliant texting 
The Joint Commission did not ban all text messaging solutions, however. Instead, it established Administrative Simplification Provisions (AS) that serve as guidelines for developing secure communication systems. Under the AS guidelines, the following four major areas are critical to compliance:

  • Secure data centers—Healthcare organizations typically store patient information in either onsite or offsite (cloud) data centers. HIPAA requires these centers to have a high level of physical security as well as policies for reviewing controls and conducting risk assessment on an ongoing basis.
  • Encryption—AS stipulates that ePHI must be encrypted both in transit and at rest.
  • Recipient authentication—Any communication containing ePHI must also be delivered only to its intended recipient. A texting solution should allow the sender to know if, when, and to whom a message has been delivered.
  • Audit controls—Any compliant messaging system must also have the ability to create and record an audit trail of all activity that contains ePHI. For a text messaging system, this includes the ability to archive messages and information about them, to retrieve that information quickly, and to monitor the system.

Standard consumer-based messaging systems fail most of these requirements. The data centers are often not designed with the highest levels of physical and data security. Messages can be intercepted and are not encrypted. Recipient authentication is not available and, although messages and delivery details may be stored indefinitely, they are not designed to provide a fully functional audit trail.

Secure text messaging solutions 
By using a private, secure texting network, doctors, nurses, and staff can not only send and receive patient information, but also potentially achieve the following goals:

  • Shorten response times
  • Improve the accuracy of decision making by having better information
  • Allow multiple parties involved with clinical decision making to be looped in on the same message
  • Allow for quicker interventions and improve patient outcome
  • Securely communicate lab results, imaging results, patient procedures, and medical histories, allowing the physician to have more information readily available.
  • Speed up on-call notifications
  • Eliminate the hassle of callbacks
  • Integrate with scheduling systems to create automatic notifications of pending events
For more information read Healthcare Providers May Violate HIPAA by Using Mobile Devices to Communicate with Patients, by Catherine Barrett, Federal Working Group