If you’re like most medical groups that use an outsourced service for one or all of coding, billing, and collection, you probably focused on fees when it came to deciding with which company to contract, with the lowest bidder crowned the winner.
If you’ve got more sophisticated management than most groups, you might’ve moved to the next level of analysis which is cost versus efficacy: paying a 10th of a cent per claim is overpaying if collections are running at, say, 15% of contractually adjusted dollars.
But the real point here is that there’s far more to risk in outsourced coding, billing, and collection than the risk of collection. Let’s look at simply one other element of the equation out of many: data risk.
Data risk itself can be sliced like cold cuts: HIPAA risk, state confidentiality of medical information risk, credit card data risk, and so on.
Just because you outsource coding, billing, and collection doesn’t mean that you can outsource the risk; in fact, as to third parties the risk lies exactly where it began, with you.
So, what can you do?
Internally, your group can both adopt and implement related policies and procedures, from active HIPAA compliance to cyber security. And, you can ensure that you’re properly insured, from E&O, to D&O, to general liability, and to cyber risk.
But in light of the outsourcing issue, let’s slice this another way: What data risk obligations does your agreement with your outsourced coding, billing, and collection company impose on the service provider?
The issues are complex, from dealing with specifying exactly what insurance they must obtain, to avoiding caps on the third-party company’s liability (“our liability shall not exceed the amount of fees charged to Client within the trailing twelve months”). The object, of course, is to be able to be made whole for the liability (plus costs, etc.) imposed on/incurred by you to third parties, including the government, as a result of the outsourced vendor’s error. As in any negotiation, you don’t always get what you want. But with liability for, say, a data breach running into the many millions, make sure that you at least get what you need.
