How to Avoid A Health Business Insurance Audit
Discover how to avoid insurance audits for your health or wellness practice. Learn more about business insurance audits.
In nutrition private practice, conducting client sessions, writing chart notes and communicating your nutritional recommendations are all part of day-to-day business. Although these activities are routine, there is one thing that insurance-based practices must always keep in mind: insurance audits. At any point in time, an insurance company can decide to audit your nutrition business. In that moment, every policy, form, procedure and chart note can come under scrutiny. Becoming well versed in insurance audits now will help you establish important practices and policies for your nutrition business. Having sound policies and practices in place can help to prevent an audit in the future, and if ever audited, ensure that your business will stand up to even the toughest scrutiny.
Avoiding Insurance Audits for Nutrition Businesses
1. Know what an insurance audit is, and how one may be triggered
Insurance audits are generally done to help ensure that you’ve been provided the “supportive evidence” needed for your claim. Basically, it’s an evaluation of an organization or business’ financial statements to make sure that the financial records are truthful of the transactions they claim to represent. It’s the carrier’s way of determining how much risk they actually insured over the past year, that can be high or low depending on a few factors. You can also be picked at random to undergo an insurance audit.
Overall, an insurance audit can be conducted internally by employees of the organization or externally by an outside Certified Public Accountant (CPA) Firm. The audits that are established by third parties are mostly all more forthright than internal audits since it wouldn’t affect the daily work relationships within the company. On the other hand, internal auditors give the audited report directly to management and board of directors, and these reports are usually made to improve internal controls of the business. However, the main purpose of an internal audit is to ensure compliance with laws and regulations, giving a business a less likely chance of being a “red flag” to get audited.
What can trigger an insurance audit in nutritional care?
The healthcare industry is a competitive and lucrative business these days. The competition and rigorous regulations make it ever so important to have your companies business legal terms be straighten out. You don’t want to have to deal with any potential complications that can be detrimental to your nutrition practice. An audit can be triggered quite easily, actually. For instance, one CMS-1500 claim error can throw up a red flag for your business. Below are some popular triggers to look out for to avoid an insurance audit in your nutrition practice:
- Billing errors
- Copayment and deductible violations
- Audits at random
- Patient complaints
- Employee and competitor tips
2. Use an EHR platform and keep client records for 9+ years
Keeping good records is vital for every business, and in nutrition private practice this includes storing client chart notes and paperwork. Although this number may vary per insurance company and/or state, it’s generally required to store and maintain chart notes for at least 9 years. Failure to keep your files can lead to inspections by the FBI or other legality organizations who can ultimately close your business if demanded. This is why it’s vital to really understand the importance of keeping files on record for years to come to prevent any risk of being audited or getting yourself in any other legal situations.
Long-term storage of paper charting can be a huge space concern. Only having paper copies also puts your business at risk in the event of a disaster, such as a flood or fire. Electronically storing client chart notes not only saves space, but also makes locating these files easier. Keep in mind, when storing documents, PDFs or word files on your local computer, there is also extra steps that need to be taken to ensure compliance. Client information should be encrypted so that anyone with access to that computer will not be able to open these secure documents. A backup should also be created in the event that your computer is damaged.
For nutrition practices, a cloud-based EHR platform can solve both storage and security issues in the long-term. A cloud-based platform allows you to sign-in from any computer to access your clients charts, knowing that the information is always kept secured and backed up. When choosing your cloud-based EHR platform, it’s important to know exactly what happens to your client information and charts if the platform were to go down. You’ll want to look for a cloud-based platform like Healthie, that keeps data encrypted and stored in multiple locations. All of these measures helps to replace the compliance (and space) burden you would need to independently store copies of your clients charts locally (electronically or hard-copies).
What do you do if you change your EHR platform?
Immediately transfer your clients files over to this new platform, but do this securely. A lot of individuals don’t know the risk in sending confidential information to another website or provider online. Sharing and transferring files has become a huge part of daily life for a lot of people. Currently, people are used to sending documents via email, however, this intermediary is not a secure implement when it concerns your clients files. There are many ways to send files securely online, but it’s easy to be uncertain with the Internet. There are file sharing apps and software available that can ensure the safety and privacy of your files. If you’re transitioning to a new EHR platform, chances are that the platform will be able to assist you in securely transferring over your files.
3. Always use HIPAA-compliant ways to share client PHI
Protected Health Information, otherwise known as PHI, is any health information that is tied to an individual. PHI is deemed to be “individually identifiable information relating to the past, present, or future health status of an individual that is created, collected, or transmitted, or maintained by a HIPAA-covered entity in relation to the provision of healthcare, payment for healthcare services, or use in healthcare operations (PHI healthcare business uses).” PHI is protected under HIPAA meaning it includes one or more of the following 18 identifiers below.
- Names (Full or last name and initial)
- All geographical identifiers smaller than a state, except for the initial three digits of a zip code if, according to the current publicly available data from the U.S. Bureau of the Census: the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000
- Dates (other than year) directly related to an individual
- Phone Numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health insurance beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers (including serial numbers and license plate numbers)
- Device identifiers and serial numbers;
- Web Uniform Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger, retinal and voice prints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data
4. Communicate with other healthcare providers using a HIPAA- compliant form of communication
Communicating with other healthcare providers is another ideal way to avoid an insurance audit in your practice. However, the key is to communicate with a provider whom is also HIPAA compliant, using a secure two-way form of communication.
Some examples of secure two-way communication is:
- E-Fax: most insurance companies will require nutrition providers to have a fax line. Many doctors offices and other wellness professionals still rely on sending faxes to share client documents and chart notes. In lieu of having a physical fax machine in your office, E-Fax allows you to digitally send and receive fax documents.
- Encrypted email: involves encrypting content of email messages to protect any important information from being read by anyone other than the intended recipients. Regular email is not considered HIPAA-compliant, and puts your clients’ information at risk.
- Phone: having a phone session with another medical provider is still a secure way to connect. In the event of an insurance audit, it will be next to impossible to recall every call you had with a client’s doctor or other wellness providers, and what information you shared/received. To protect your business, always be sure to document that the phone call occurred and include any important takeaways from the session. You can do so by including a brief private note in your client’s chart.
In nutrition private practice, you want to ensure that you have a Business Associates Agreement (BAA) with any technology platform that you use. This will be required for insurance reimbursement for telehealth. What this means is that the communication platform is encrypted to maintain security and privacy. HIPAA privacy laws protect client personal health information, and limit the access controls of this information. Moreover, communication, as well as documents and shared images, would not be readable in transmission.
5. Always obtain a Medical Release Consent Form
Having a medical release policy is crucial in ensuring the safety of both your client’s information and your business. This will also put your nutrition practice at a much lower risk of being audited.
Always obtain a Medical Release Consent form signed by your client to talk with another healthcare provider outside of your organization. Your client should sign a form for that provider and for you, giving permission to communicate — link to our downloadable sample form. You want to do this for every healthcare professional outside of your practice you plan on establishing a relationship with.
6. Be proactive and vigilant in your nutrition practice policies
It’s essential to be proactive in reviewing your business policies to avoid being put under investigation and potentially be audited. Especially if you work in a multi-provider practice, it’s essential to review these policies during the new provider onboarding practice. Many nutrition practices also require new providers to take a HIPAA-compliance training course, to ensure that they are following best practices at all times.
As you build your nutrition practice and policies, consider referring to this list and regularly review if standards are being met.
- Consider having new team members take a HIPAA-compliance course
- Team communication is always done using a HIPAA-compliant platform.
- The technology used to run your business, and share client information is HIPAA-compliant, and keeps client data encrypted. A BAA is obtained for each technology platform.
- A Medical Release Consent form is always obtained prior to communicating with any healthcare provider outside of your nutrition practice.
- Every client session is always documented, detailed and securely stored for 9+ years.
- Any phone calls or communication with other healthcare providers is documented and also stored within client’s chart.
- Periodically review what is considered PHI
- Be proactive with any client complaints or concerns. Document the issue and the steps that you’ve taken to resolve the complaint. Beyond a negative review, a client complaint can trigger an insurance audit, and should always be taken seriously.
- Regularly review your company billing reports and insurance-reimbursements to ensure that clients were properly billed for amounts they owe (ie. copays and deductibles).
Been notified of an insurance audit?
Despite taking all of these steps, there’s always a chance that you may have to undergo an insurance audit in your nutrition practice. Insurance audits are sometimes conducted at random, so don’t panic. Just because you received notification of an audit, doesn’t mean that you’ve done anything wrong.
Keep these important tips in mind during an insurance audit:
- Stay calm! Relax, take a deep breath, and know everything will work out.
- Read the notice carefully. Check for any incorrect audit notices. It’s possible that an audit was triggered in error, or due to a billing mistake on the insurance-companies end.
- Prepare and submit your required documents on time. Missing a deadline can make matters worse and result in more heavy fines. This can hurt your practice more depending on how patient your external auditor is.
- Pay what you owe ASAP
- Stay professional. Dealing with insurance companies, especially during an audit, can cause tensions to flare. Keep in mind, the employees that you’re speaking to are willing to work with you. Staying calm, professional and always staying respectful will help everyone stay on the same team.
At the end of the day, in any practice, no one likes to deal with any type of audit. In fact, people dread it. In a nutrition practice, there are many ways to avoid being audited. Using a platform that is HIPAA-complaint, such as Healthie, can really determine how secure and safe you are from external auditors. As well as that, your clients will feel safe with your services, building a better relationship between one another.
Make more time to grow your business
Use a platform that automates the administrative, so you can focus on growth and care.
Stay Up to Date with Healthie
Sign up for our monthly newsletter