How to Balance Privacy, Security and Quality with Offshore Coding: Three Critical Caveats for HIM – HIM Scene

The following is a guest blog post by Sarah Humbert, RHIA, ICD-10 AHIMA Certified Trainer, Coding and Compliance Manager, KIWI-TEK. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

Prior to ICD-10 there was a shortage of domestic coders, making offshore services a necessity for many organizations. But in a post ICD-10 environment, experienced U.S. coders are more readily available and accessible. Domestic coding services are still considered best practice by most HIM professionals. In fact, 72 percent of hospital respondents outsource more than half of their coding needs according Black Book’s October 2016 Outsourced HIM Report.

While acceptance of offshore coding services has grown there are important caveats for HIM professionals to know according to the Black Book report. Price isn’t everything when it comes to protecting your patient’s privacy and your organization’s financial performance. Additional offshore concerns continue to be reported by U.S. hospitals and health systems:

  • Increased audit costs
  • Higher denial rates
  • Missed procedure codes

As Black Book states, it is imperative for offshore coding companies to tighten processes in three key areas: privacy, security and quality. With ransomware on the rise, hospitals, health systems and medical groups have greater levels of responsibility to fully assess their business associates—especially those using protected health information (PHI) offshore.

Because of these concerns and those mentioned above, HIM professionals must carefully explore, vet and secure detailed service level agreements prior to even considering the offshore option. This month’s blog lays out three critical caveats to consider and weigh against the proven value of domestic coding services.

Verify and Test Privacy and Security for Offshore Coding

The first step for HIM professionals is to understand the annual attestation requirements. Originally required by CMS for Medicare Advantage (MA) plans, the following annual attestations have become best practice for healthcare provider organizations and other covered entities (CEs) working to protect PHI.

  1. Provide notice to CMS—30 days prior to beginning the contractual relationship—that offshore contractors will be used, providing CMS an opportunity to review and raise an objection if warranted.
  2. Sign an annual attestation to accurately report to CMS the use of any offshore contractors.

For example, if a hospital wants to use a coding or billing company with personnel located offshore, it must submit the initial notification, receive no objections from CMS, and then annually attest that protections are in place with the offshore vendor.

Beyond the two-step attestation process, HIM professionals must take the following five precautionary steps with all offshore HIM services vendors.

  • Discuss any offshore contacts with your legal counsel and the vendor prior to signing.
  • Include language to indicate that onshore vendors will not subcontract with offshore vendors or coders.
  • Make sure your vendors are aware of attestation rules and take precautions to safeguard PHI.
  • Obtain cybersecurity insurance that includes coverage for potential breaches of offshore data.
  • Identify any other clinical services that may be provided offshore, such as coding audits, and consult your legal counsel to determine if that service should be identified in the attestation.

Rigorous due diligence of offshore coding vendor privacy and security safeguards ensures HIM professionals are doing their part in reducing PHI breaches and ransomware attacks in healthcare. Six states went a step further by prohibiting Medicaid members from sending any PHI offshore: Arizona, Ohio, Missouri, Arkansas, Wisconsin and New Jersey. If your state provides healthcare services in any of these states, additional review by legal counsel is mandatory.

Watch Offshore Coding Quality

The second area for concern with offshore medical record coding services is accuracy.

Offshore coders are mostly former nurses or other well-educated candidates. Although global coding staff speak English and are highly competent, they may not be well trained in self-directed chart interpretation.

Our clients often report international coding accuracy concerns and the need for additional audits, higher denials and missed procedure codes—especially as global coders expand beyond relatively simple and repetitive ancillary testing and radiology cases. In fact, 22 percent of HIM executives continue to shy away from a non-U.S. workforce, according to Black Book.

When it comes to coding quality, here are five recommendations to measure, monitor and manage accuracy prior to engaging an offshore coder.

  • Confirm who is actually doing your coding initially, and after each month into the services engagement.
  • Know global coders’ credentials, testing results and accuracy scores.
  • Verify that less experienced coders aren’t engaged following the initial work assignment.
  • Conduct a minimum of monthly coding audits to quickly identify and correct any negative trend or patterns.
  • Refuse to accept lower quality standards for offshore coding.

Re-evaluate Your Options

The medical record coding industry has shifted. Now is the time to re-evaluate the risks and returns of offshore coding services—keeping privacy, security and quality top of mind.

About Sarah Humbert
Sarah serves as the manager of coding and compliance at KIWI-TEK, a 100% domestic coding and audit services company. She is responsible for coding quality control—accuracy, turnaround time and compliance.

Sarah oversees all coding processes, including coders’ performance, credentials and recurrent testing. She is a member of AHIMA, IHIMA, CHIMA, and she is also a Certified ICD-10 AHIMA trainer. Sarah has worked in a variety of health information management positions for Health Care Excel, MedFocus and St. Vincent Health System.

KIWI-TEK is a proud sponsor of Healthcare Scene. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

   

Categories