Strategies for Maintaining HIPAA Privacy and Compliance in the Revenue Cycle

Oct 1, 2024

Complying with HIPAA’s rules—designed to ensure patients’ personal information stays private—is challenging for any medical practice. It requires a great deal of staff time, and if a practice falls out of compliance, it can be hit with costly penalties. As of 2023, the Office for Civil Rights had imposed over $142,000,000 in penalties across 145 cases. These types of penalties can significantly impact a healthcare organization’s financial health and reputation.

Revenue cycle management (RCM) processes are a great line of defense for hospitals when it comes to ensuring HIPAA compliance. 

Where HIPAA Protocols and RCM Intersect

HIPAA and RCM intersect throughout the patient experience, beginning with patient scheduling, medical documentation, and claims submission, and continuing through account resolution.

It’s essential to recognize that numerous HIPAA rules relate to RCM processes, and that these rules govern three areas of patient privacy: the protection of patient health information, the implementation of safeguards to ensure the security of electronic protected health information (ePHI), and the requirement to notify patients in case of a security breach.

  1. Privacy. Protects individuals’ health information, such as demographic data, that could potentially identify a patient.
  2. Security. Requires healthcare organizations to implement administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI).
  3. Breach Notification. Medical practices and their associates must notify patients of a security breach in which PHI may have been compromised.

Critical Components of a HIPAA-Compliant Strategy

Administrative and patient care activities—such as scheduling patients, managing medical documents, conducting patient risk assessments, reimbursing providers, and testing the system—must be completed consistently and thoroughly to ensure compliance.

To ensure that those processes are carried out in a way that doesn’t leave the practice vulnerable to compliance failures or data inaccuracies, three RCM best practices must be followed. They include:

  • Conduct Data Minimization. This principle ensures that controllers and data systems limit the collection of personal information to only what is relevant and necessary and retain data only for as long as needed.
  • Ensure Data Encryption. These protocols govern the utilization of end-to-end encryption (E2EE), a means of transferring data so that only the sender and intended recipient can view or access it.
  • Maintain Data Access Control. This rule ensures that healthcare providers allow access to data only by users or software programs granted those privileges.

A HIPAA-compliant strategy should encompass five key activities that relate to running a business and caring for patients:

  • Patient Scheduling
  • Management of Patient Documents
  • Patient Risk Assessment
  • Reimbursements to Providers
  • System Testing

Key Qualities to Look for in a HIPAA-Compliant Revenue Cycle Provider

When selecting a partner for outsourced revenue cycle, there are several factors to consider to ensure HIPAA privacy and compliance:

  • A strong track record of adhering to HIPAA standards
  • Regular training programs for staff, emphasizing HIPAA, privacy, and data security protocols
  • Encryption technologies and secure data transmission methods, including HIPAA-compliant software and systems for managing sensitive patient information
  • Regular audits and vulnerability assessments to identify and address potential weaknesses
  • Transparent policies for data access, sharing, and storage
  • Documentation on how patient information is protected at every stage of the revenue cycle
  • A well-documented, swift incident response plan for addressing data breaches or compliance failures
  • Third-party audits and certifications, such as HITRUST, which further demonstrate the provider’s commitment to data security and compliance

These elements will help safeguard patient information and ensure compliance with HIPAA regulations in the revenue cycle.

Summary

Developing an effective and sustainable HIPAA compliance strategy can be daunting, but choosing the right RCM partner greatly increases a practice’s chance of remaining compliant over the long term, avoiding harsh penalties, and protecting patient privacy while saving valuable time and cost.
