The economics of health care is complex and highly regulated. Health systems, hospitals, physician practices, ACOs, and providers of all types find it harder and harder to stay out of the red. Efficiencies must be gained, and healthcare business executives looking to alternative delivery models and cost-cutting measures where possible.
One area where efficiencies can be gained and costs can be contained is the use of offshore outsourcing partners to perform medical coding and revenue cycle management services – either as an adjunct to an existing billing office or in wholesale replacement of a billing office.
This raises one of the most primary concerns of hospitals and health systems: is their patients’ privacy closely protected? Hospital executives want to know what measures they should demand of their outsourcing suppliers to safeguard patient health information and prevent information being accessed by hackers. They want to know – is it safe?
Is it safe?
Most medium to large sized organizations employ a variety of information security controls. However, without an information security management system (ISMS), controls tend to be limited or non-comprehensive. That is often because they were implemented to support point solutions to specific situations or simply as a matter of necessity for certain circumstances. Security controls in operation generally address certain parts of IT or data security, specifically, leaving non-IT information assets (such as paperwork and proprietary knowledge) usually unprotected. Also, it can occur because business continuity planning and physical security may be managed quite independently of IT or information security. Likewise, human resource practices may make little reference to the need to define and apply information security roles and responsibilities throughout the organization.
To compound matters, the U.S. healthcare system and its privacy and payment models are foreign to a large part of the world. Therefore, it is necessary that when work is being performed offshore, the outsourcing partner understands U.S. healthcare. They must have the appropriate infrastructure, process and human resource processes in place so that patient health information is protected.
At Vee Technologies, all employees undergo extensive training as to how the U.S. healthcare system operates, how insurance works, how healthcare services are rendered, and how bills are paid.
Part of this education includes HIPAA and PHI training. In fact, at Vee Technologies, employees undergo an oath and commit to a creed. Our workers fully comprehend and appreciate the company’s policy regarding 100% HIPAA compliance.
Next, there are other risk and security protections in place for process and computing and network technologies. “ISO 9001:2015 specifies requirements for a quality management system when an organization:
- Needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and
- Aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements
All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.