Thousands of US organizations must comply with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The Security Rule is a key part of HIPAA — federal legislation that was passed into law in August 1996. The overall purpose of the act is to enable better access to health insurance, reduce fraud and abuse, and lower the overall cost of health care in the United States.The medical billing industry has been challenged in recent years due to the introduction of the Health Insurance Portability and Accountability Act (HIPAA).HIPAA is a set of rules and regulations which hospitals, doctors, healthcare providers and health plans must follow in order to provide their services appropriately ensuring that there is no breach of confidence while maintaining patient records. Since 2005, medical providers have been urged to send their medical claims electronically in compliance with HIPAA to receive their payment.

HIPAA: health Insurance Portability and Accountability Act of 1996
**Addresses the use and disclosure of individuals health information

**Creates standards for individuals to understand and control how their health information is used

Who is covered entity?
Any health care provider who transmits health information in electronic form including
**Heath plans
**Health care providers
**Health care clearing houses

BOSS provides 100% HIPAA compliant medical billing service since inception into the BPO service industry. Management and BOSS HIPAA committee has taken measures to make sure that we stay attentive to HIPAA and OIG compliance.

BOSS has a well designed compliance program can

  • Speeds and optimizes proper payment of claims
  • Minimizes billing mistakes
  • Reduces the chances of audit
  • We have developed open lines of communication
    • Discussion with staffs during meeting
    • Notice board bulletin to keep employees updated on compliance
  • implementing compliance and medical billing standards
  • Designation a compliance team to monitor compliance and enforcement

BOSS also initiated other HIPAA compliances

  • Patient PHI data is neither shared with unauthorized employees nor leaked outside the company
  • The medical transcription and medical coding department at BOSS and the process are well adhered to HIPAA compliant
  • We ensure that coding is done thoroughly based on office notes and supporting medical documents and not based on the reimbursement value of the code
  • Both our medical diagnostic and medical procedural coding adhere to strict guidelines
  • No hardcopy paper printouts are taken
  • Access to data are restricted by integrity levels of logins, no deletion or modification are done easily
  • All login passwords access are changed routinely once 90 days
  • Hierarchy of operation reporting structure followed

DATA security: The security rule applies to Electronic Protected Health Information (ePHI) and protects the confidentiality, integrity and availability of ePHI when it is stored, maintained or transmitted. The security Rule’s requirements include safe guards for policies, procedures, and processes that prevent unauthorized access to ePHI that is being transmitted over an electronic communications network, like the internet. Data security is the major factor that influenced to creation of HIPAA and OIG compliance. We see to that data security and confidentiality in an outsourcing relationship are given as much as precedence as the project itself. From secure systems and compliance training to confidentiality agreements, we cover all the key aspects involved in HIPAA regulations.

BOSS follows below data security measures.

  • We use sonic wire wall to restrict access to PHI
    • Movements of all data are restricted
    • Blogs, forums and personal email access are restricted
    • Only restricted insurance carrier and medical billing oriented sites are allowed
  • We connect to you billing system through site2site VPN tunnel for secure data transfer
  • We provide high speed servers store all your data
  • Secured FTP to transfer all electronic data and medical documents
  • All operators PC terminal’s USB ports and CD drives are disabled restricting data movements
  • Continual back up process of data
  • All super bills, EOBs and medical documents will be deleted permanently both from server and back up’s after client’s approval

PHYSICAL Security: BOSS makes sure the security for both data and physical components are given equal importants.

  • We have a security officer in place 24×7
  • All employees IN and OUT movement are monitored by security officers
  • No cell phones and electronic items are allowed to be taken inside
  • Outsiders are permitted inside office to meet the office personal after approval from the managers
  • All employees have to wear the ID cards inside the office if not they will not be permitted inside the shop floor
  • Security policy and security of systems are implemented to protected health information (PHI).

Employee Background Checks

  • Before hiring, we conduct extensive background checks on all employees
    • Past history of the employee
    • Experience and the company prior worked
    • Relieving letters from prior company worked to substantiate his/her experience
    • Residential proof and age proof
    • Medical certificate from a government healthcare provider

Business Continuity plans

  • We make sure continual process and specification training are given to our employees
  • We have employees in buffer to adapt to the volume and as counter measure for attrition
  • We have setup disaster recovery program to ensure business continuity in times of natural calamities
  • Power back-ups and 24×7 power generator are available for un-interrupted work