By: Bellinger Moody, President
The question of whether to outsource your medical billing and revenue cycle management operations or keep the processes in- house is one pondered by many anesthesia providers and practice managers. Approximately ten years ago, the decision-making process to keep your medical billing in-house would not have required any- where near the considerable process analysis, risk assess/ment, and thought that must be considered in today’s medical billing environment. The right answer as to whether or not you outsource is contingent upon many factors: (1) cost; (2) risk/liability; (3) control; (4) return on investment; (5) size of local labor market; (6) state of your practice’s financials; and in some instances, (7) age of your business. Consequently, the three most heavily weighed factors are cost, risk/liability, and control. As a result, the focus of this article will be on those three factors.
It is common knowledge that in-house billing expenses associated with recruiting, training, and retaining quality anesthesia billers and coders, paying their salaries, covering their benefits, as well as leasing or purchasing billing software platforms are higher than those associated with outsourcing to a third party billing company. Typical medical billing and revenue cycle management costs include:
- Labor/Anesthesia Billing Staff – Annual costs include median salary, healthcare, federal and state taxes, training to keep updated on medical billing industry changes
- Office Space & Supplies – Monthly costs for office space, statement paper, general office supplies, office hardware and other miscellaneous costs
- Software and Hardware – Up-front cost and/or monthly leasing cost of software system for billing, practice management software, and computer and printer hardware costs
- Direct Claim Processing– Monthly Clearing House Fees
If you consider the fact that most national medical billing companies have their own proprietary software platforms (for which costs are lower due to the fact that many have been in place for some time and the only common costs are maintenance and updates, over which they have control), as well as the fact that the volume of claims processed by national medical billing companies is usually considerably higher than a practice that performs its own billing – for which many vendors such as clearing houses, statement companies, office supply companies, healthcare insurers, etc., provide discounted rates – which typically translates into lower business costs for national medical billing firms. Based on a 5 year data sample obtained from practices that have transitioned from in-house billing to Medac, anesthesia practices spend between 6.5 to 11 % of their collections to perform their own in-house billing. Out- sourcing medical billing reduces that cost as there is no need for billing staff or space for a billing department. Therefore, costs associated with salaries, benefits, training and supervision, office space, as well as turnover are significantly reduced.
Another significant cost consideration is that of compliance. With frequently changing regulations and new laws enacted on at least an annual basis, compliance costs have increased exponentially. The most significant contributor to increased compliance cost is data security. As evidenced by the recent data breach experienced by insurance giant Anthem (previously Wellpoint) in February 2015, security of PHI (Personal Health Information) is a significant challenge for all covered healthcare entities. Another contributor to increased compliance cost is security and protection of entities. Another contributor to increased compliance cost is security and protection of patient credit card information. The major threat of data breaches posed by hackers (cybercrime) has created these increased costs; which include: hardware; software; on-going education and training; policy implementation for internal controls; testing; as well the advent and requirement of a totally new senior level executive position – CISO (Chief Information Security Officer).
Risk/Liability = Compliance
The last 10 years have seen the most significant changes in healthcare law. With new or enhanced healthcare legislation such as as the ACA (Affordable Care Act), Enforcement of HIPAA’s Administration Simplification Portion, HITECH Act (Health Information Technology for Economic and Clinical Health Act), TCPA (Telephone Consumer Protection Act), FERA (Fraud Enforcement Recovery Act), MMA (Medicare Modernization Act Section 306), DRA 2005 (Deficit Reduction Act of 2005), TRHA Section 302 (Tax Relief and Health Care Act Section 302), as well as the expansion and creation of new government agencies and contractors such as RACs (Recovery Audit Contractors), MICs (Medicaid Integrity Contractors), and ZPICs (Zone Program Integrity Contractors), the cost involved with doing your own medical billing has skyrocketed, and the compliance risks have more than tripled.
Although cost and control are significant factors to consider when weighing in-house billing vs. outsourcing, the single biggest threat for billing entities today is compliance. Healthcare fraud and abuse enforcement is still at center stage as a huge money maker for the government. The Annual Report to Congress on the Medicare and Medicaid Integrity Programs revealed that the government is making $12 for every dollar they spend in this area. As such, it should come as no surprise that the Department of Justice (“DOJ”) issued an Interim Final Rule on June 30, 2016 that doubles the amount of penalties under the False Claims Act (“FCA’’) and the Anti-Kickback Statute (“AKS”). The current penalties range from $5,500 – $11,000 per false claim. However, effective August 1, 2016, FCA penalties increased from a minimum of $10,781 per claim to a maximum of $21,563 per claim and the AKS penalties increased to $21,563 per occurrence. The DOJ allowed a comment period that ended on August 29, 2016; however, due to abstinence by congress, these penalties under the FCA and AKS have doubled. Clearly, Healthcare Fraud and Abuse is still a major compliance risk area; however, we no longer exist in a billing environment where regulatory billing compliance is the only major compliance risk factor. The days of anesthesia compliance professionals worrying mostly about whether anesthesia services were appropriately documented, coded, billed, and collected (in accordance with the OIG guidelines, DHHS and federal payer (CMS, TriCare, Champus, etc.) guidelines, and other third party payer policies and guidelines) are long gone. Healthcare compliance professionals have identified data security as the single most formidable compliance risk area for healthcare organizations, healthcare providers, payers, and billing entities. The two major data security risk areas:
- PHI (Personal Health Information) Data Security/Compliance:
With cyber-crime and hacking at all-time highs, data security is now considered to be the single most critical compliance risk area by healthcare compliance professionals. In fact, the current cyber-crime environment has created the justifiable need for a totally new senior level executive position CISO (chief information security officer.) The CISO is a senior level executive responsible for aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected. Salary.Com reports that the median annual Chief Information Security Officer salary is $196,027, as of August 29, 2016, with a range usually between $164,816 – $237,026, however this can vary widely depending on a variety of factors. The question you may now be pondering is “can I really afford a CISO?” The real question you should be pondering is “can I afford NOT to have a CISO?” The HITECH Act sets federal penalties on health care companies that leak data on 500 patients or more as high as $1.5 million per incident.
For all other industries, the Health Insurance Portability and Accountability Act imposes stiff civil and even criminal penalties for those responsible for data breaches. So, why are these penalties for breaches of Personal Health Information so high? According to a September 24, 2014 article published in Technology News, by Caroline Humer and Jim Finkle, “your medical information is worth 10 times more than your credit card number on the black market”. Personal Health information contains names, birthdates, policy numbers and medical record numbers that may contain social security numbers as a part of their nomenclatures. The bottom line is that fraudsters are much more attracted to PHI than financial information because of the opportunity for identity theft. Why steal credit card information when they can steal your identity? Cybercriminals are selling this information on the black market at a rate of $50 per patient chart. The question most anesthesia in-house billing operations must now also weigh, is whether they want to take on the added risks and costs associated with maintaining and securing PHI, or pass the overwhelming majority of that risk on to an outsourced billing business partner that has the infrastructure, resources, and controls to better assume these risks.
- PCI DSS (Payment Card Industry Data Security Standard):
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card companies including Visa, MasterCard, American Express, Discover, and JCB. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) or by a firm specific Internal Security Assessor (ISA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes. Validation of PCI DSS compliance is an area that many in-house and smaller billing entities neglect; however, if a credit card breach occurs (e.g. by hacking, or by a dishonest employee), this validation could mean the difference between hundreds of dollars in fines, millions of dollars in penalties and damages, or even prison time.
Once again, this is now another major compliance risk area that must be weighed when deciding whether to keep the billing in-house or outsource.
Many providers and administrators like having hands-on control of financial operations through in-house billing. Much of the anxiety about relinquishing control centers around five key areas: (1) collections performance; (2) compliance; (3) appropriate staffing; (4) Accessibility/ Proximity; and (5) AIR management. All of these anxieties may be addressed contractually with collections performance and AIR management guarantees and clauses, staffing guarantees, as well as auditing requirements to ensure compliance. Some billing companies are even willing to reduce your monthly fee and reallocate the funds toward an external auditor of your choice. Additionally, as with most outsourced billing agreements, billing companies are contractually obligated to follow up on all unpaid and denied claims. Due to rapid advancements in technology, accessibility and/ or proximity fears have become less and less significant in the decision making process. Many national outsourced medical billing companies supply you with comprehensive performance reports on demand — via web portal, and/ or upon request. This capability grants you unparalleled visibility into your billing operations without requiring you to micromanage or even oversee any staffers.
Comprehensive reports are wonderful; however, having access to view information and images all the way down to the individual patient accounts level is absolutely vital. Specifically, having individual patient account web-portal access to view: (1) images (i.e., EOB, anesthesia record, patient demographic, claim form); (2) billing and coding information (i.e., patient name, insurance company name, CPT codes, anesthesia start and end time entered in the system, etc.); (3) line item account transactions & postings (i.e., payments, adjustments, credits, etc.); (4) unpaid and underpaid claims follow-up activity notes; (5) unpaid patient balance follow-up activity/notes; and (6) patient statement activity/ notes; provides you with total transparency. You now have all the necessary tools — access to images and patient account data — to instantly audit your outsourced billing company. Total patient account transparency is one of the most important considerations in the decision-making process when weighing the control factor. Last but not least, proximity issues may be contractually addressed by requiring billing company presence at monthly or quarterly group meetings.
As previously mentioned, cost, liability, and control are commonly the most heavily weighed factors when deciding whether to outsource your medical billing operations. Aside from clinical services, billing and revenue cycle management are the most important processes of your practice. Your cash flow depends on them, so the decision of how to handle these services should not be taken lightly. You should do assessments of your practice’s cost, risks, staffing, and volume metrics to determine what is right for you. Although cost and control are two primary factors that must be carefully assessed, with the current healthcare fraud and abuse/cybercrime environment, I cannot emphasize enough how absolutely critical it is – now more than any other time in your practice’s history – that you more thoroughly assess your practices’ liability/ risk (in relation to these two areas in weighing your decision to outsource.
Finally, it is important for anesthesia practices/providers to factor in their individual costs and preferences when deciding whether or not to outsource. In an apples-to- apples comparison, we have found that outsourcing typically produces the higher net income. However, as stated throughout this article, cost is NOT the only issue anesthesia practices should consider. There are plenty of other factors involved in this business decision that may be as, if not more, important than costs.