Wednesday, April 24, 2019
Common Health Questions and Answers
Common Questions – and their Answers.
1. How should my partners and I structure buy-in and buy-out payments?
There is no right or wrong answer to this question, and the answer to this question may change over time and evolve as your practice evolves and as new and different practitioners enter and exit. There is no “best practice” standard, though we generally see two approaches: (1) a nominal buy-in and buy-out, or (2) a buy-in and buy-out based on the fair market value of the practice. Even within these general approaches, there are significant variations.
Generally, a threshold question to answer is when do you want to make your money? Do you want to make money as you’re practicing or do you want to defer compensation and receive a big pay-out when you retire? Perhaps it is a combination of both. Will you be an employee of your practice receiving a salary and bonuses, in addition to an owner who receives dividends or distributions? The personal tax implications of these arrangements should not be overlooked, particularly because of the self-employment tax exposure, and you should consult with your financial advisors as you evaluate the compensation structure of your practice.
There are many factors you should consider as you and your partners negotiate buy-in and buy-out requirements.
• If you expect to receive compensation in real-time, as the practice generates profits, then a nominal buy-in and buy-out amount might work for you. Instead of receiving a significant lump-sum at your retirement or withdrawal, you will make money through distributions or dividends and/or employment compensation. We have seen buy-in and buy-out amounts as little as $10.00, even in practices with significant operating revenue and profits. Usually the practice, not the other partners, pay the withdrawing or retiring partner the buy-out amount.
- •For buy-ins, consider whether your practice will require significant capital investment to bring on a new owner. If this is the case, a buy-in formula may be more appropriate. Additionally, the buy-in requirement for a founding partner may be different than the buy-in requirements for future non-founding partners.
- For future buy-ins, consider whether you want to adopt an incremental approach to full ownership. Many practices phase-in ownership over time. This gives the new partner more time to pay the buy-in amount and allows the practice to give the new partner greater voting power and financial benefits over time.
- For buy-outs, consider who is doing the buying. Is it the other non-withdrawing partners? Or the practice? Often practices answer this question differently for different buy-out circumstances. The answer also has different tax consequences for your partners. Additionally, if your buy-out calculation has the potential to be a significant sum, consider obtaining life insurance as a means of procuring the necessary funds to buy-out a partner on his or her death.
- We generally advise clients to require advance notice for buy-outs. We have seen upwards of one year to 18 months advance notice for a voluntary withdrawal or retirement.
- We have seen buy-out formulas based on collections, net book value, fair market value, and everything in between.
- Consider whether your formula will take into account just the hard assets of the practice (equipment, furniture, fixtures) or deferred compensation (historical reimbursements).
- Sometimes accounts receivable is included, sometimes it is not. Accounts receivable is often included because it ensures that the departing partner is appropriately compensated for the work he or she actually performed. However, it is generally advisable to account for potentially uncollectible receivables, rather than compensating based on 100% of outstanding receivables. You may also want to consider paying out the departing partner’s pro rata share of net accounts receivable over a specified period after his or her departure, after the funds are actually collected.
- Goodwill is often carved out, but it doesn’t have to be (particularly for founding partners who have built the practice from inception). Goodwill is difficult to calculate and including it opens you up for different interpretations and negotiations.
- If you are considering a buy-out amount based on collections, it is advisable to use net, not gross, partner collections. This will more appropriate account for the actual operations and profitability of the practice. Additionally, consider using percentages of recent historical data to account for fluctuations in practice operations.
- Generally, the approach for the buy-in should mirror your approach for the buy-out. But, variations may be appropriate depending on the circumstances as you may want to incentivize certain behavior and dissuade other behavior. There are many reasons a partner leaves a practice, including death, retirement, disability, and job change.
- You may want to specify different a different buy-out formula for founding partners than non-founding partners.
- It may be fairer for a physician who dies while in practice to receive more than a physician who leaves and engages in a competitive practice a mile away.
- Consider a vesting schedule for the buy-out amount. As a physician gains seniority, so does the percentage of the buy-out amount he or she is entitled to.
- Consider forfeiture of some or all of the buy-out amount if the departing shareholder engages in competitive activity with the practice after he or she withdraws.
- Specify the terms of the buy-out, including the timing of payment. A partner’s withdrawal or retirement should have minimal effects on the finances of the practice and the other partners (depending on who is doing the buying). Most practices will not be able to afford or want to pay a significant lump sum all at once.
2. Is my practice required by law to hold regular shareholder, partner, or board meetings?
Generally, regular meetings are not expressly required by law. Annual meetings may be required by law, depending on whether your practice is a PC, LLC, or LLP.
For PCs, a meeting of the shareholders is required annually for the purpose of electing directors. Otherwise, the certificate of incorporation and by-laws may set forth the rules regarding calling of other meetings. A PC also has a Board of Directors. The law does not require that the board meet regularly. Rather, the by-laws will specify if and when regular and special board meetings shall or may occur. If the by-laws are silent, then the board determines when it will meet. A regular meeting of the Board may be held without notice if the time and place of such meetings are fixed by the by-laws or the board. Special meetings for the board require advance notice to the directors. Usually the by-laws specify the rules for providing any required advance notice. If they do not, then the PC should look to state law to determine the notice requirements.
A PLLC must hold an annual meeting of its owners (called members) annually, unless the operating agreement specifies otherwise. Written notice of such meeting must be provided to the owners in accordance with the operating agreement. If the operating agreement does not specify the notice requirements, then the PLLC should look to state law to determine what must be done. Depending on its structure, a PLLC may also have one or more managers responsible for the management and operations of the practice (similar to the Board of Directors of a PC). The law does not require regular meetings of the managers, and the PLLC’s operating agreement may specify any applicable meeting requirements.
For LLPs, the law does not require regular meetings of the partners. Rather, the partnership agreement may specify any applicable meeting requirements.
If the by-laws, operating agreement, or partnership agreement require meetings and set forth specific notice requirements for such meetings, the practice should comply with these self-imposed requirements or change the requirements to mirror its actual practices. Failure to have meetings when required or to provide the requisite notice for meetings could undermine the action taken by the practice. If a person (including another owner or employee of the practice) wanted to challenge the action taken by the practice, they could cite these procedural failures as grounds to overturn and undermine the decision reached.
Regular meetings of the practice owners and board or managers is a best practice. Additionally, if a practice fails to conduct regular meetings of its shareholders and board of directors (in the case of PCs), members or managers (in the case of PLLCs), or partners (in the case of LLPs), it may be evidence that the owners failed to observe corporate formalities. Generally, owners of PCs, PLLCs, and LLPs enjoy limited liability for non-medical malpractice related liabilities of the practice. However, if a court deems that the owners abused this privilege and failed to observe corporate formalities (like meetings), it could “pierce the corporate veil” and hold the owners responsible for all liabilities of the practice.
3. Can I reference a specialty area of practice in my business name? [Can I do a dba for my practice using any name I want?]
Yes, a practice can reference a specialty in its legal name or assumed name as long as all of the owners have board certification in that specialty.
The New York State Education Department (DOE) exercises supervision and jurisdiction over the formation of and organizational changes related to professional corporations, limited liability companies and partnerships. In this role, the DOE must approve the formation of all professional entities and any changes to such entities’ name, purposes, and ownership. The DOE will not approve the formation of a practice where the proposed name does not comply with legal requirements.
Specifically, New York law requires that the name of a practice appropriately describe the profession practiced and the services to be provided. The law also requires that, if the name includes a reference to a specialized area of professional practice, satisfactory evidence is submitted to the DOE demonstrating compliance with the rules of professional conduct regarding the use of specialty titles.
The rules of professional conduct applicable to dentists specifically require that a dentist may not advertise or indicate a specialty area of practice unless the dentist has completed a program of specialty training approved by the Board of Regents in a specialty recognized by the Board of Regents.
The rules of professional conduct applicable to physicians do not have the same express regulatory requirement. However, the DOE has interpreted the advertising rules applicable to physicians as requiring board certification in order for any specialty designation to be permitted. Specifically, the DOE takes the position that it is misleading for a physician or practice to hold itself out to the public as practicing a particular specialty without the proper qualifications. Additionally, the DOE will only recognize and approve those specialties for which board certification currently exists. The DOE only accepts board certification from the American Board of Medical Specialties, American Osteopathic Association, and the Rural College of Physicians of Canada. It does not accept certification from the National Board of Physicians and Surgeons or evidence of years of experience, residency programs, or CME credits in a particular specialty. Historically, the DOE has indicated that it could temporarily accept proof that a person is board eligible, pending formal board certification. But the physician at issue would still need to pass the boards and present a copy of the board certification or passing exam scores from the specialty board recognized by the DOE.
A physician or practice which advertises a specialty without the requisite board certification could face professional discipline. Therefore, it is important that a specialty practice ensures all owners obtain and maintain board certification in the applicable specialty.
4. I would like to retire in the next year or so. What should I do with my practice and patients?
The decision to retire is significant. Not only does it affect your daily life and finances, but it affects the lives of your employees and patients. Undoubtedly, you have concerns about sustaining your life style in the next phase of your life, but you also have obligations to your patients to ensure that they receive the care they need. There are a number of approaches to consider. They can be implemented independently of one another or combined into a broader approach. The ultimate course of action also depends on whether you are a solo practitioner or part of a group practice.
- Heir Apparent. Traditionally, a soon-to-be-retired solo practitioner hired a successor, taught them about the practice, and eventually turned over the keys. This option works if you have enough time to identify and train such an individual. But you should also consider whether you have enough business or potential for growth to support you and the successor practitioner during the time you are both working.
- Transition Approach. If you are a solo practitioner who is able to identify a buyer or if you are in a group practice, you may be able to relinquish ownership and work in the practice as an employee for a period of time. Perhaps you begin working full-time and phase down to part-time, allowing your patients to be transitioned to the new owner or the other practitioners in your group.
- Group Practice Approach. Consolidation into group practice arrangements among medical and dental providers is a growing trend. In this approach, a solo practitioner can seek out another practitioner or group practice who is interested in buying the practice and adding an additional location. Competitors are a good place to start looking for a potential buyer, as they will be eager to expand their patient base. It is important that you identify a buyer with sufficient capability to serve your patients. For example, if you are a pediatric cardiologist, it will be important that the cardiology practice you join can serve pediatric patients. You can either become an owner of the buying practice for the remainder of your career or you can relinquish ownership and practice as an employee until you retire. Then, when you retire, the consolidated group continues to serve your patients. This approach is inherent in most group practices with multiple providers who provide the same type of medical care. If you are already in a group practice, but you are the only practitioner who provides your subspecialty, then you may have to consider the Heir Apparent Approach discussed above.
- Hospital Acquisition. Hospital acquisitions of medical practices through various captive arrangements is also gaining significant popularity. In this approach, the retiring physician sells the assets of his or her practice to a hospital or hospital system and becomes an employee of the hospital, receiving a highly-negotiated salary and benefits package. He or she continues to provide patient care at the same office location until he or she retires.
- Management Services Company Approach. New York law prohibits a physician or dentist from retaining an ownership interest in a practice in which he or she no longer practices. However, if you have enough time (and money) before your retirement date, you can form a management company to run the business aspects of your practice. Then, after you retire, your management company can continue to provide administrative services to your former practice, giving you a continuous stream of income.
5. Is my covenant not to compete enforceable?
If you are a practitioner subject to a non-compete or a practice looking to enforce a non-compete against a former employee or owner, the question of enforceability is important. Generally, whether or not you can enforce or be held to the restrictions stated in the non-compete depends on the scope of the provision. Scope is evaluated based on both the stated duration and geographic limits of the non-compete clause.
Most courts in New York will enforce a non-compete against a physician or dentist that prohibits competitive practice for one year following termination at any location within five (5) miles of any office where the former employee or owner practiced. Parties to a contract can include a longer duration and larger geographic scope than this, however, if a practitioner violates the non-compete a court will only enforce what is reasonable. If a practice has multiple locations, a court is also not likely to enforce a non-compete in relation to an office where the former employee or owner did not practice or ever see patients.
While the purpose of your practice’s non-compete is ultimately to protect its business interests, it is important to remember that your business interests cannot override patient choice. While practices should take any potential violations of a former employee or owner’s non-compete seriously, a practice should never hinder a patient’s ability to receive services from the practitioner of their choice. This means that your practice should always answer patients’ questions about former employees and owners honestly and accurately and should never refuse to send medical records to another practice.
6. A practitioner is leaving my practice. What issues should I be thinking about?
First, you should consult any employment agreement, shareholder agreement, partnership agreement, or operating agreement for applicable rules and requirements. If the departing practitioner is an owner of the practice, the shareholder agreement, partnership agreement, or operating agreement will specify the rules for his or her buy-out. You may need to consult with legal counsel to appropriately document the buy-out.
The departing practitioner does not own the records of patients he or she provided services to during his or her time at your practice. The practitioner cannot take copies of medical records, unless a patient signs a HIPAA authorization. The departing practitioner also should not be permitted access to patient information for purposes of contacting them unilaterally, as the possession of this information post-employment would be a HIPAA violation.
Your practice should also consult and comply with applicable patient notification rules. Often the letter sent to patients notifying them of the practitioner’s departure is a source of contention. However, the practice should control the messaging and limit the content to the minimum required by law.
You should consider whether the medical malpractice insurance for such provider was claims-made or occurrence-based.
Lastly, any applicable non-compete restrictions should be reviewed and you should remind the departing practitioner of these obligations.
Relationships with other Providers
7. We want to partner with other practices to reduce costs and improve reimbursement rates. What are our options?
This question is increasingly common as practices face increasing costs and stagnant reimbursement rates. However, partnering with other practitioners requires careful navigation of significant federal and state law issues, including the Stark Law, the Anti-Kickback Statute, fee-splitting, antitrust issues, and corporate practice restrictions. The options below vary in the mechanics and regulatory hurdles that must be overcome to successfully implement each of them. Moreover, each model has greater cost savings and reimbursement potential as more practitioners join the model.
- Super-Group. The constituent practitioners could form a practitioner-owned practice out of which all practitioners practice, bill, and collect. We call this the “Super-Group” because it usually includes many practitioners from a wide variety of specialties.
- IPA. An independent practice association is an organization which contracts with independent practitioners and practices (who may or may not also be the owners of the IPA) to reduce overhead and pursue certain business ventures with payors. IPAs can be clinically integrated, financially integrated, or both. The more practitioners participating in an IPA, the greater the potential for administrative efficiencies, cost efficiencies, and enhanced economies of scale. Some IPAs also function as MSOs (discussed below). IPAs generally contract with third party payors on behalf of the network of physicians. Because there is bargaining power in numbers, small practitioners in IPAs may obtain better reimbursement rates by participating in an IPA.
- ACO. An accountable care organization is a network of providers organized to improve the quality of care provided to a defined population of patients. As the quality of care provided by the network improves and the cost of providing such care decreases, practitioners share in the savings. On the flip side, if the cost of providing care increases, practitioners share in the losses. Participants in a Medicare Shared Savings Program ACO enjoy freedom from otherwise-applicable rules under the Stark Law, Anti-Kickback Statute, and antitrust regulations. This enables such practitioners to engage in activities that would otherwise not be permitted outside the ACO, including certain referral arrangements. An ACO may also act as a MSO (discussed below) and provide services to the physicians in the network, allowing for increased cost efficiencies.
- MSO. A management services organization is a business organization which provides administrative and back-office support to medical and dental practices. In New York, a medical or dental practice cannot also provide management and administrative services to other practices. However, medical and dental professionals can form jointly-owned MSOs to provide administrative and management services to their constituent practices. The relationships must be structured carefully to comply with the Stark Law and the Anti-Kickback Statute, but ultimately, practices can capitalize on enhanced buying power with vendors and third party services providers.
8. Can I share employees or rent space and/or equipment in my office to another medical provider?
Yes, as long as the relationship complies with applicable laws like the federal Stark Law and the Anti-Kickback Statute and state fee-splitting restrictions. These legal requirements and restrictions generally require, among other things, that:
- The arrangement is set out in writing and signed by all parties.
- The writing sets forth all of the space, equipment, and services (or employees) covered by the arrangement.
- For shared employees, if the services (or employees) will be provided on a periodic or part-time basis, then the agreement must specify the schedule of services, including length and exact charge for each interval.
- The term of the arrangement must be at least one year.
- The aggregate compensation paid must be set in advance, consistent with fair market value, and must not be determined by or use a formula that takes into account the value or volume of referrals or other business generated by the parties. The compensation also must not be computed based on the income or receipts of the other medical provider. These requirements generally mean that the compensation must be a flat rate.
Additionally, when leasing space, you should be careful of any restrictions on subleasing that might be contained in your lease (if you rent your office) or any mortgage or other financing (if you own your office). Often these documents require that you obtain the landlord or bank’s consent to any subleasing arrangement.
Sharing employees also carry co-employment risks. This means that you could be held responsible for the incidents of and issues related to a shared employee, even if the conduct at issue occurred while the employee was providing services to the other practice.
9. Who owns a patient’s medical records?
For practitioners in group practices or practicing through a professional entity (such as a PC, PLLC or LLP), patient records belong to the practice and not the individual treating physician or dentist. For solo practitioners, patient records belong to the practitioner.
Under HIPAA, patients have an undeniable right to inspect, review and receive a copy of his or her own medical records and billing records. Providers can charge a fee for copying and mailing records, but cannot deny access to a patient who has not yet paid for medical or dental services rendered by the practice.
When a practitioner leaves a practice, the practitioner may not take patient medical records with him or her unless the practice is directed by a patient to send a copy of his or her medical records to the practitioner at his or her new office. It is a HIPAA violation if a practitioner makes copies or takes patient information with him or her when he or she leaves a practice.
When a practice is sold to another physician or a hospital, patient records are also usually transferred. However, the selling practice and the buyer must enter into a medical records custody agreement in order to comply with applicable regulations.
10. How much can I charge lawyers who request copies of patient medical records?
The privacy rule only sets a price for patients requesting their own records. Attorneys and other third parties can be charged any reasonable rate that the practice determines is adequate for their time, effort and supplies.
11. How long am I required to maintain patient records?
- Administrative documents, such as meeting minutes and financial records must be retained for 7.5 years.
- Patient Care Reports (electronic or hardcopy), must be retained for 6 years or 3 years past the patients eighteenth birthday, whichever is longer.
- Patient care data files containing medical treatment and/or billing information must be retained for 6 years or 3 years past the patients eighteenth birthday, whichever is longer.
- Summary record of all patients treated and/or transported must be retained for 3 years.
- Ambulance run chronological log must be retained for 6 years after the last entry.
- Monthly or periodic reports or listings must be retained for 3 years.
- Reports containing information on subjects (not patient specific) such as types of medical emergencies, types and amounts of supplies used, call frequency etc. must be retained for:
- Reports containing billing information - 7 years.
- Reports not containing billing information - 1 year.
- All records pertaining to controlled substances must be retained for 5 years.
- Rescue and Disaster Response Reports and related records, covering specific incidents must be retained for 3 years.
12. When do I have an obligation to report another provider’s conduct to the state licensing board? Is there any other organization I have to report to?
As a provider you have the professional obligation to report the misconduct of other providers to the Office of Professional Misconduct (OPMC) unless that misconduct was discovered within the confines of a peer review or morbidity and mortality meeting pursuant to the bylaws of a hospital or other applicable healthcare organization. A Hospital Medical Staff or the hospital itself has a reporting requirement to the National Practitioner Databank when an instance of misconduct or practice issue results in an impact of a providers license that lasts longer than 30 days.
13. Can a patient sue me if we disclose their information in violation of HIPAA?
Yes, patients can sue a physician, dentist, or practice for a HIPAA violation. However, a patient’s right to sue does not arise under HIPAA. HIPAA does not provide individual patients with any private right of recovery for breaches and HIPAA violations. This is usually a surprise to many patients.
Patients whose information has been disclosed in violation of HIPAA are increasingly using state laws as the basis for lawsuits against the physician, dentist, or practice. Patients seek damages on grounds of negligence or breach of implied contract. This requires the patient to prove that they suffered damage as a result of the practice’s negligence or the theft of unsecured health information. Often, damage is difficult to prove, unless the patient can substantiate additional costs incurred as a result of the breach (for example, credit protection insurance, identification theft insurance, expenses incurred because the patient’s identity was stolen). State laws also protect the confidentiality of personal and health information and, depending on the circumstances, a patient may use these state laws as the basis for a lawsuit. A practice is particularly vulnerable to these types of claims if it fails to establish appropriate and adequate policies and procedures to protect patient information or train their workforce to effectively and appropriately implement these policies and procedures.
14. If I have a business associate agreement with a third party, it’s okay to share patient information with that person, right?
No. Patient information may only be shared in compliance with certain specified permitted and required uses and disclosures under HIPAA. In some instances, a business associate agreement is also required when a permitted use or disclosure is made. However, it is never the only requirement. Even if you have a business associate agreement in place, the disclosure still must be permitted or required under HIPAA.
HIPAA permits you to disclose (without patient consent) patient information with a third party for “treatment,” “payment” or “health care operations.” Each of these terms is specifically defined under HIPAA and should be consulted and reviewed before sharing patient information. This is particularly important when you are considering sharing information with other health care providers for purposes of establishing new practice arrangements, joint ventures, or other business arrangements.
In turn, a business associate can only use and disclose patient information to the same extent that the covered entity would be permitted or required to use and disclose patient information. Moreover, a business associate agreement is not appropriate or required in every circumstance and should only be put in place if the recipient of the information actually is a “business associate” as defined under HIPAA. Many practitioners exchange business associate agreements with other practitioners or third parties (like landlords and vendors) when no business associate agreement is actually required. However, a business associate agreement only needs to be in place with third party service providers who actually receives or has access to patient information in the course of providing administrative or management services like claims processing, data analysis, utilization review, quality assurance, patient safety activities, billing, benefit management, practice management, legal, actuarial, accounting, consulting, management, or financial services. A health care provider who receives patient information in connection with treatment of an individual is not a business associate.
15. What are my practice’s responsibilities regarding compliance with the HIPAA Security Rule?
A practice should have physical and technical safeguards in place to protect its PHI (ie. Unique passwords for computer access, automatic logoff for devices containing PHI, locks on doors, sign in sheets etc). A practice should have an individual to whom HIPAA security is assigned to that will manage all aspects of security and the risk assessment and be responsible for updating anything that isn’t working and investigating any breaches or suspected breaches. A practice should perform a yearly risk assessment to assess the confidentiality of it’s PHI and the adequacy of it’s physical and technical safeguards in place to protect that PHI. There should be measures in place to assess breaches and potential breaches of PHI. There should be a facility security plan in place to protect equipment that stores PHI form unauthorized access and theft. This should include an inventory of all of these devices and who has them to make sure that all devices are maintained and returned if an employee’s role changes or if they separate from the organization. There should be policies and procedures in place to sanction and retrain employees who are involved in breaches or fail to comply with policies and procedures. There should be procedures in place to determine who should access what PHI and to take any unneeded access away. There should be policy in place to control what PHI and data can be removed from the system and if PHI is being transmitted via phone or personal devices those devices should be fitted with HIPAA compliant software and monitored. There should be procedures to monitor outside access and business associate access and terminate or modify the access of any individual that does not comply with the policies and procedures. Protection from hackers and malicious software should be priority. Computer log-ins should be auditable and regularly monitored to avoid unauthorized access of PHI. Password management should be in place to further secure logins and make sure passwords are adequate and being changed regularly. Practice should have a data backup plan to be sure they are able to retrieve PHI lost to malfunction or breach. There should be a disaster plan in place to determine what to do in the event that PHI is compromised or if there is a massive breach. The practice should have a BAA and should be sure to have them in place with all applicable vendors.
16. What types of coding, billing and documentation practices put our practice at risk of an audit?
Any coding practices that involve upcoding or purposely having patient interactions coded to qualify for a higher reimbursement than they should will place a practice at a higher risk of audit. The regulatory and law enforcement agencies regularly mine data and they have benchmarks of how much a particular code or level should be used so if a particular practice is seen as an outlier for a certain code that will generally trigger an audit. Incorrect use of modifiers or not understanding the modifiers for and area and using the wrong one over and over. Any billing procedures where a practice is billing Medicaid as primary when there is a secondary payor or any billing practices that result in billing payors in the wrong order are problematic. Billing separately for services that should be bundled. Duplicate billing where 2 providers provide and bill for the same service without communicating. Billing for services provided by staff that doesn’t meet the requirements or have the certifications (RN as opposed to LPN/Medical assistant as opposed to LPN nurse/uncertified techs/non-board-certified physicians). Documentation practices is overuse of copy forward, not justifying the code in the documentation, changing of the documentation to meet a higher code, not including necessary hard copy notices and documents in the chart, not having the right professional doing certain documentation, having individuals document thing that are outside of their scope of practice.
17. Is it okay to pay our billing company a fee that is equal to a percentage of collections?
Compensating a billing company based on percentage of collections is considering fee-splitting and not permitted. For government payors this also creates an opportunity for abuse if the billing company is also doing coding as it incentivizes non-compliant coding practices. You must set compensation in advance for these services and the agreement should be multi-year as not to appear as if the compensation is changing yearly based on amount collected as that creates the same issue.
18. How often should we update our employee handbook?
The employee handbook should be updated whenever there is a major change in law or practice that requires something in the handbook to change but no less often than annually. Additionally, whenever there is a change to the handbook all employees should receive a summary and training (if necessary) of the changes so that they may ask questions and adjust their practice accordingly.
19. I collect and maintain certain health information about my employees. Do I have to comply with HIPAA when sharing and securing this information?
No. Even though you may possess health-related information about your employees in the context of drug testing, workers compensation claims, and employee benefits (like medical leave), HIPAA does not require you to protect the privacy and security of this information the same way that you must protect your patient’s health information. Moreover, this information is not considered protected health information under HIPAA. The regulations expressly state that PHI excludes individually identifiable health information in employment records held by a covered entity in its role as an employer.
The caveat to this rule is that an employer who maintains a self-insured group health plan. The plan is considered a “covered entity” subject to HIPAA and, as such, these employers are responsible for the plan’s compliance with HIPAA.