/

We would like to address a common issue our clients face when it comes to insurance reviews/audits/HEDIS. Computer SecurityOften third party companies try to bully practices into letting them come in and access copies of medical records or send their own copy service, paid for by you, for the purpose of “mandatory” insurance reviews and audits. DataFile would like to remind you:

  • Many of these reviews are not “mandatory reviews”, and thus you are not required to supply them copies, let them come onsite to your office, or allow them to send a different copy service.
  • In these situations, DataFile can do the work and bill the insurance company on your behalf.
  • There is a cost to releasing medical records to them – both monetary and in HIPAA liability.
  • There are clear steps you should take to make sure you stay compliant with insurance contract obligations and HIPAA mandates, and avoid being taken advantage of.

Your rights might be best illustrated with an example:

Insurance company, PESKY FRIEND, states they require “mandatory” copies of your records for a review or audit.  PESKY FRIEND states that they are NOT willing to reimburse you or your copy service for any fees associated with making these copies and you must provide them at no cost as stated in your agreement.

As medical records experts, we are very familiar with this type of “routine” that PESKY FRIEND is walking you through.  Keep in mind:

  1. PESKY FRIEND does not have the right to tell you who you must allow into your practice and have access to your charts.
  2. PESKY FRIEND does not have the right to refuse DataFile’s invoice for services.  We call this behavior “bullying” even when the tone is cordial.
  3. One critically important thing to consider is that any organization or copy service, other than DataFile, does not have a Business Associate’s agreement on file with you. As you know, it is in your best interest to keep access to your clinic and charts to the minimum necessary involvement.

It is in your best interest to stand firm and not allow this type of demand from PESKY FRIEND.  As your official Business Associate, DataFile has access to all the data the insurance company needs, and we can professionally handle the request for you — plus, PESKY FRIEND pays for our services. It’s always interesting to see the change in behavior when these insurance companies first learn that you have contracted with DataFile to manage your records and that they no longer have bullying control.

As your Business Associate, DataFile has the following advice for you in situations like the example we described above:

1.  Review your Agreement – Be aware of the medical record copies portion of your payer contractual agreements that state that the insurance company has a right to the information. Sure, they have the right to receive copies, but at no cost? There is a cost to acquiescing – both monetary and in HIPAA liability.

2.  Attempt to Amend your Agreement – If you are in renegotiations with your insurance company, be sure the contract is written to protect you, your staff, your facility, your resources and your privacy.  If an insurance company wants copies of your medical records, for purposes other than reimbursement, they must be prepared to pay a reasonable fee associated with the time, labor and resources to provide such copies, and they must be prepared to pay these charges to either you or your Business Associate contracted copy service.

3.  Analyze what it will take to comply “at no cost”. Ask the following questions:

  • Do insurance company employees show up or do they send a contracted service that is NOT your Business Associate or your preferred copy service?
  • Do they open a paper chart?
  • Do they have to sit at a terminal to review electronic data?
  • Do they print to YOUR copier and use YOUR resources?
  • Do they leave the facility with printed copies? (Huge HIPAA risk area.)
  • Do they scan in your printed copies and shred what they just printed?
  • Do they invade your workspace, daily routines, privacy practices and HIPAA security procedures?

4.    Instruct that they can show up, review the data, but not retain a copy. Inform the company they may take notes and perform their review, with no copies taken. This is the best way to protect your patient and your practice.

5.    After giving them their options, let them decide. After all these steps, Pesky Friend can then determine what it costs to THEM to gather their data and perform their review.  It will appear more cost effective to pay the fair value copy fees and allow DataFile to provide the records – in “record” time!

Our CEO, Janine Akers, is highly passionate about this topic and researches it often.  Feel confident that we will not put your practice, providers, or patients at risk – you are our valued client above all else. If you have more questions about situations like the one discussed here, feel free to contact one of our medical records experts.

Share This