Submitting medical records to insurance carriers for medical review is a time consuming but unavoidable medical billing activity. Many insurance carriers require documentation on any medical treatment which is above and beyond standard medical treatment protocols developed by the carriers and providers must be able to provide requested documentation in order to obtain payment.
However, repeated submissions of the same material is a frustrating, often unnecessary, burden on medical providers. Unfortunately, when carriers are unable to locate mailed medical records, medical providers have little recourse other than duplicating the time consuming process of copying, preparing and shipping an often voluminous file.
From a practical standpoint, medical billing professionals will need to comply for requests for resubmission of lost documentation in order to get paid.
However, providers may want to deal with “repeat offenders” by seeking an internal investigation into the carrier’s security/privacy safeguards. Such a request could ask the carrier to perform a security audit to ensure that medical records are being processed in compliance with the carrier’s own security/privacy protocols.
Insurance carriers have a duty to maintain professional standards in processing submitted medical documentation. Under the Health Insurance Portability And Accountability Act (HIPAA), a covered entity (group health plan) must “reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the standards, implementation specifications or other requirements of this subpart.”
To comply with HIPAA, covered entities such as group health plans have developed written procedures for protecting the privacy of patient medical records. HIPAA has also required group health plans to designate a privacy/security officer who is responsible for assessing compliance with those written procedures.
If a medical provider has a problem with a carrier losing records, an inquiry can be sent to that carrier’s compliance officer to try to determine what could be happening to the protected health information submitted as instructed. To assist with the review, the provider should outline what records were mailed, the date of the mailing, address used and how the records were sent. Providers could then also request that the carrier review their records for all medical records received during the week before and after the anticipated arrival date of the submitted records. If the carrier refuses the request, providers could also seek from the carrier a description of the efforts made to locate the submitted information and summary of the carrier’s written policy and procedures for handling protected health information.
Providers also have the option of filing a HIPAA complaint related to the carrier’s loss of protected health information. According to several HIPAA consultants, HIPAA fines have only been issued for situations involving a confirmed disclosure to an unauthorized party. The “loss” of medical records is not, by itself, a HIPAA violation.
“I am dubious that loss of a medical record would be seen as a HIPAA violation,” said Michael Kurs, an attorney with Pullman and Comley, LLC, “Somebody losing a record is very different from a confirmed case of it being stolen or improperly disclosed. It may indicate that data security is weak but that does not mean a violation has occurred.”
Kurs said that in order to prove a violation had occurred, there would need to be proof that the records were sent, received by the carrier and improperly disclosed to unauthorized personnel after receipt.
“The provider may spend more time on the investigation than dealing with the original billing issue,” he said.
Although filing a complaint might not result in a penalty being assessed, it could still focus attention on the question of where the records are going and why. Filing a complaint could also, at least, require the carrier’s security office to investigate the matter of lost records.
“I am guessing if they got enough complaints it would attract attention,” said Steve Weil, Senior Security Consultant with Seitel Leeds and Associates. “To me, the loss of medical records is even more serious if it is a paper record. Paper can be taken home. It can be altered.”
Leave A Response