Red Flag Rules — With a Little Help From Our Friends

By Frank Nuck, Financial Control Solutions

If someone warns you of a “red flag,” the first thing the statement causes you to do is attend to it. Right? Red flag! Warning! Caution! Heed! Alert! Duck! And take action!

The Red Flag Rules (the “Rules”) is an anti-fraud regulation requiring creditors and financial institutions with covered accounts to implement programs to identify, detect and respond to the warning signs — “red flags” — that could indicate identify theft. The Rules require implementation of an Identity Theft Prevention Program (hereinafter, “ITPP”). Financial regulatory agencies and the Federal Trade Commission (FTC) developed the Rules, which were mandated by the Fair and Accurate Credit Transactions Act of 2003. Under that Act, a “creditor” is defined as any entity that regularly extends or renews credit or arranges for others to do so, and includes all entities that regularly permit deferred payments for goods or services. Note that on or about July 29, 2009, the FTC, via a news release, said it will delay enforcement of the Red Flag Rule — as applied to the health care industry — until November 1, 2009. The release states that the purpose is to give the FTC additional time to “redouble its efforts” to educate and assist entities regarding compliance with the Rule and ease compliance by providing additional resources and guidance to clarify whether a given business is covered by the Rule and the nature of compliance.

Since the AMA previously failed in its challenge to permit physician’s practices to be excluded from the Rules, this article assumes that physician practices must be included and are “creditors” with “covered accounts” under the Rules. A practice that accepts only cash or credit card payments, as well as those that only accept direct payments from Medicaid or similar programs where the patient has no responsibility for fees, should be excluded. As an editorial observation, when it comes to whether or not to comply with a program for the Rules, err on the side of implementation, since FTC studies indicate that medical-related ID theft is a real and growing threat to both your patients and the public at large. Compliance with the Rules does not appear as burdensome as compliance under other regulations controlling medical practices, and such regulations governing ID theft and security will only exacerbate. Surprise.

At a basic level, all the Rule is telling a medical practice to do is to take action, per your ITTP, when certain events, identified in the ITTP, occur. By now, there have been just enough announcements, notices and trade press to trigger consternation over compliance, but not enough to eliminate concern about all necessary elements of compliance, which will only become evident over time. The sources traditionally sought for help, such as the FTC Red Flags website (www.ftc.gov/redflagsrule), offers resources to support compliance, including an online template to help entities design their own ITTP as well as articles, guidance manuals and FAQs to help navigate the rules.

Again, this article is written to emphasize that in an ever-burgeoning regulatory environment, you may seek to place additional requirements on certain vendors, i.e, those handling your patients’ medical ID information, for protection. A given vendor might/should implement its own ITTP in order to be “another set of eyes” watching for red flags related to your patients’ medical ID information. After all, they benefit from supplying goods and services to your practice.

This concept is already in play by virtue of HIPAA, and the notion of requiring certain vendors to enter into Business Associate Agreements in order to protect patient confidential information(HIPAA vs. the Rules, see Inset No. 2). The issue is a bit more subtle, yet no less salient, when applied to compliance of the Rule. Under HIPAA, “business associates” of “covered entities” are required to maintain confidentiality of patient health information. However, vendors such as billing services and collection agencies, to date, are not required by statute to implement a Rules program. Our position is that, as a matter of quality control as it applies to the Rules, a practice should at the very least inquire as to how certain vendors implement their own ITTP that will help protect both the practice and its patients — and perhaps require that they do so.

In general, quality control programs of any sort focus on reduced error rates in order to increase quality. Error rates in any system may be reduced through redundant action. That is, if a particular action results in a human error rate of one in 100 and cannot be further reduced through automation, then if a next actor were to review the exact same action with the same likelihood of error, mathematically, the error rate drops to one in 1,000 (by multiplying the coincident error rates). Obviously, the fact that a given vendor does not mirror your practice’s actions while implementing given regulatory controls makes the application of the above principal less than exact. However, the mere fact that the vendor is also looking at red flags that involve your patients does enhance an overall identity theft prevention system — both internal (endogenous) and external (exogenous).

If we assume that conscripting your vendors to add to the wall of protection of medical ID theft is a good idea, then what should they be doing for you to help protect your operation? We are not suggesting that they either consult or give legal opinions as to the Rules and your practice, but rather to simply inquire into, or audit, a vendor’s own QC controls involving the Rules. The following is an example of questions to ask a billing service or collections vendor when auditing their coverage or the Rules as applied to them:

Has your organization implemented an Identity Theft Prevention Program comporting with federal Red Flag rules? If so, is it in writing?
If so, does it identify a clear program purpose and definitions, and could you have a copy of the program?
Does it identify at least the five primary categories of red flags?
Does it identify actual red flags that are subsumed under those categories and apply to their business?
Does it include a training program, and if so, how is training evidenced?
Is there a prevention (not just reactive) program in place, and how is the program reviewed?

Attempting to meet the letter of every rule, regulation, letter opinion, announcement, declaration, interpretive ruling and the amendments thereto leaves virtually all health care providers with a “Hobson’s Choice” of sorts: Either obey, or be subject to sanction. Since the likelihood of the first option, if not impossible, certainly gives infinity a run for its money, most practices are left with the second — and assuming this deduction is correct, is there any solace?

The short answer is decidedly “yes” as it applies to the Rules, since the complexity or scope of an ITTP can be scaled to the risk and size of the particular health care provider, a rational notion not seen in every regulatory imperative (which harks back to the initial lines of this article). It appears that while there are stated requirements — such as, identify red flags to be detected, detect the red flags presented, respond appropriately to mitigate and further prevent theft and ensure periodic program updates — no one can possibly anticipate the infinite iterations of aberrations in day-to-day activity, documentation and communications in order to capture them in a written program.

To clarify, a “red flag” to a theft of identity is some event, document, information or attempted transaction that should alert the practice that someone is not who he or she claims to be. Suggested instances triggering red flags could be:

An unrecognized individual, who refuses to provide information related to their identity but is seeking service. Note: As an agency, we recently received an inquiry by a medical provider client as to whether they could require that a patient provide a Social Security number. The short answer is “no.” The interesting issue is whether or not such failure in itself would constitute a “red flag,” triggering further inquiry and a need to look to the ITPP for procedural guidance;
A patient individually falsely claiming to be someone else known to the office staff;
An individual who is unable or unwilling to provide contact information;
Documents that appear to have been altered or that do not match the person presenting the information;
Altered or cancelled insurance cards; Any form of notice stating that a patient’s information or identity may have been stolen;
A notice that the patient is on active duty in the armed forces;
Address discrepancies in consumer credit reports;
Disputes about bills by a patient claiming to be a victim of ID theft;
Undeliverable mail or returned checks;
Requests for a prescription or refill that does not comport with either past practices involving that patient or know instructions to that patient;
Any past security breaches involving an inquiring patient, e.g., if there had been a prior computer database-related breach of information;
Discrepancies between purported medical records and the patient’s physical condition.

Complying with the Rules is a “vigilance thing.” There is no way to identify all possible red flags beforehand, so recognizing a discrepancy in procedural expectations or documentation is the last bastion of hope to investigate whether it is related to medical ID theft. Unlike HIPAA, which requires the execution of Business Associate Agreements to protect certain information, we are suggesting that a practice consider requiring certain vendors to implement their own ITPP, which they may not be required to do under the Rules, but which they may do at your behest.

Frank Nuck has authored other articles for M.D. News related to electronic check collection and remote check deposit as the industry winds to a paperless office. For more information, e-mail admin@fcs2collect.com or visit Financial Control Solutions’ website at fcs2collect.com.

Check Deposits at the Speed of Light

By Frank Nuck, Financial Control Solutions

So the mail just arrived and a large stack of checks is staring at you, just being to be taken to the bank. Only it’s mid-January in Wisconsin, it’s been snowing for eight straight hours, and there is no way you want to go outdoors, especially to fight traffic and the weather just to go to your local friendly bank (they’re nice, but not that nice) just to deposit checks. Unfortunately, the other stack of paper staring at you, are your bills, so suit up and go. How bad can it be?
But what is you could deposit those checks from the warmth and protection of your office? No weather, no wear and tear on your vehicle, no hourly labor just for the trip, no potential theft, or heaven forbid, the threat of car accident. With a recent change in federal banking regulations, you can do just that.

Up until about two years ago, non-retail operations were not permitted to electronically deposit checks from their office. Scanning checks per se is not new. The national Automated Clearing House (ACH) system has provided an electronic highway for checks as well as other automated payment related transactions for many years now. It took a change in federal regulations, however, to allow general business offices to take advantage of the highway for check deposit. The question is whether it makes sense for your office, and the first place to look may be your bank statement (the challenges of Wisconsin winters not withstanding)

Generally speaking, when you set up your banking relationship, you knew that you would be paying baking fees, though most people when asked would be hard-pressed to remember what exactly they pay on a monthly basis. And different banks fee their customers differently. In fact, I would wager that if you pulled your last checking account statement analysis – if you actually receive one – how you are charged and what you are charged may be anything but clear. Besides, if you are paying $.12 per check and $.35 per deposit, how costly can it be? On the other hand, if you could reduce those costs while eliminating the trip to the bank and have your checks clear in no more than 24 to 48 hours, why wouldn’t you?

“Accounts Receivable Conversion” (ARC) is the jargon used by the regulatory body that governs the ACH system – National Automated Clearinghouse Association – that refers to converting the paper check into electronic text capable of being sent through the ACH system. This process should not be confused with the so-called “Check 21” legislation that took effect this year and requires banks to utilize an infrastructure different from that provided by NACHA. Check 21 (the “Check clearing for the 21st Century Act”), spawned by the holdup-in check transfer that occurred when federal aircraft were grounded following 9/11, transfers images rather than text. As an aside, people are still speculating whether Check 21, which provides for faster check clearing, will require more, less or the same fee structure as accompanies the use of the current NACHA system.

ARC is a very straightforward technology and application. Utilizing software accessible by your PC, your office would simply scan checks to create a batch, run a tape total to match the batch total, press a button and zap. Your check information is digitized and routed through the ACH system. In some systems, once you enter your patient information the first time, then every subsequent time you scan a check, you only need to key in the date and amount. No bank trips. No deposit slips. Rapid clearing. And, depending upon compatibility, you may be able to import the check data into your billing system.

Cost-justifying ARC is highly idiosyncratic to a particular office. A full-blown analysis should examine quantitative issues such as your current banking fees, labor costs for preparing deposit slips and bank-trip charges, all of which should be properly burdened with real overhead numbers. You can imagine that the comparative cost structure is significantly different if your office is upstairs from your bank, or if you have to drive through a gauntlet of terrain and traffic obstacles to get to the bank, or if your offices are large with a corresponding burden rate. However, the cost justification should be relatively straightforward once you can decipher your actual banking costs.

Given the advent of Check 21, there is more uncertainty about the future of banking-related fees and banking-related activity, but also more options. ARC can provide a cost-effective alternative to your current check management methods while offering the speed promised through Check 21.

For more information about Remote Deposit Checking, contact Financial Control Solutions.

MEDICAL A/R MANAGEMENT: An Innovative Approach to Ensuring Profitability

By Alexandra Strauss

Few physicians entered their chosen profession because they wanted to run a business. In fact, if they were being honest, many would prefer never to have to think about the daily tide of incoming and outgoing bills and invoices that keep the practice afloat financially. In general, even the most business-savvy physicians prefer to spend their time concentrating on their passion: medicine. Nonetheless, most physicians also expect that their practice will easily generate sufficient cash to maintain a profit each year.

But in these days of shrinking reimbursements and dwindling health care insurance coverage, profitability of a medical practice is not the sure thing that it used to be. Today’s medical practice billing department needs to know much more than how to submit insurance claims. And as the responsibility for payments is increasingly shifting from insurance companies to patients themselves, the whole process has become more confusing, complex and precarious.

“Patient confusion and cost-shifting is likely to make cash flow much more erratic for physicians in the future,” predicts Frank Nuck, Esq., President of Financial Control Solutions (FCS), a Milwaukee-based firm that was born over 40 years ago as a third-party collection agency, but now is so much more. The company originally opened its doors by serving physicians. Today, over half of its client base are doctors’ offices, which gives it a leg up in understanding the challenges facing doctors when it comes to managing, by providing RecoveryAssist™ a unique offering in the region.

“We believe in investing time and energy on the front end to help our clients,” says Nuck. “There are many things that we can do to help make their lives easier.” Helping clients to reduce the number of accounts that are past due may seem counterintuitive for a collection agency, but Nuck says it is all about relationship building. FCS recognizes that growing practices are always going to have some need for collection services and that, if they prove themselves to be a worthy and committed partner, they will be entrusted with those collections.

“RecoveryAssist™ is really just a simplistic way to increase account recovery and reduce the need for collection,” explains FCS Vice President Suzanne Gizella, who has worked with hundred of medical offices during her 16 years with the company. “Basically, I start by going into an office and auditing their accounts receivables. We look at everything and we help them do a complete cleanup. We make sure that everything that needs to be submitted to insurance has been submitted. A lot of agencies won’t even bother to work with insurance companies, but we will work with them. We will even submit new HCFA forms if necessary.”

Initially, Gizella will work intensely with an office for the first three months, helping them to review their processes and set up a system that works. The entire audit and Gizella’s consultation and advice are free to clients. “I’ve never heard of anybody else who even comes close to offering a service like this,” says Nuck. “You’ll find accounting firms who will go into your office for $250 an hour with the goal of helping you increase cash flow and improve collection. FCS acts as a consultant and we do not charge for it. It is unique. It is a differentiator.”

Milwaukee family physician Gojko Stula of Health Guard Medical Group thought the concept had merit when his office began working with FCS 16 years ago. At the time, their billing system was in a state of chaos. Current billing manager Ann Heding says FCS’ hands-on, personal approach allowed the practice to regain control of its A/R and get back on track. “Our last collection agency did not even bother to come to our office. They did nothing to help us identify problems or clear our books,” recalls Heding. “But FCS not only came out and spent time with our books and helped us to set up our own system, they are still there for me any time I have a question or need assistance. And we recovered over 80% of what was outstanding.”

Gizella and the team at FCS are skilled at quickly and efficiently identifying the red flags and helping the practice take action in the form of a “bridge letter” or “option letter and the labor costs are absorbed by FCS.” Sent out to delinquent accounts on practice letterhead (but on pink paper), the letter is a gentler way to collect a debt by offering the patient some options for repayment, such as setting up a monthly payment plan. “Quite often patients don’t even know that their account is seriously past due,” says Heding. “They’re just assuming that their insurance is going to pay. The bridge letter has been a very positive method for us.” Now, when a patient’s account reaches 45 days, Heding’s billing department automatically sends a bridge letter. Accounts that remain delinquent can be turned over to FCS for collection. Because the letter comes from their doctor and not a collection agency, and is even hand-addressed, patients are more likely to respond positively, a fact that not only means a better rate of recovery but also the preservation of the important doctor / patient relationship.

Due to the success of this program for Health Guard Medical Group, Dr. Stula, Medical Director, and his administrative staff have implemented this same system for his new practice, LifeSteps Health and Wellness Clinic, specializing in the areas of hormone imbalance, weight loss, adrenal fatigue and thyroid disorders, along with anti-aging aesthetics and supplements.

And such stories are not uncommon for FCS. Often, Gizella finds, a practice is its own worst enemy when it comes to facilitating on-time payments, and the A/R department may not even be aware of it. In such cases, the suggestions she makes and the experience she brings can be invaluable. “Many practices don’t bill the patient at all until after the insurance pays, which is a big mistake. Others assume that because a particular case is in litigation, they should not bother to send statements. Another big problem is just failing to review your A/R on a regular basis so that you miss those red flags that would be prompted you to take action.”

“The approach to medical collections is considered qualitatively different than collecting in most other markets,” explains Nuck. “We tell prospective practices that our approach is to assume we will both collect monies owed while protecting the practice-patient relationship. Conversations with insured patients invariably turn to insurance issues, meaning more of the collection effort is pure problem solving in nature.

“Since FCS was born in the medical market, our culture and reflexive agent orientation is toward a highly professional approach to debtor interaction.” During agent training, FCS emphasizes tone, vocal control and pace as well as content. The company regularly audits agent-debtor discussions to make sure they are practicing what FCS preaches.

Over time, approximately 7% to 12% of patients make payment to the practice upon receipt of the bridge letter. Because calls to the office typically increase after bridge letters are sent out, FCS will work with the office to space mailings so as not to overwhelm the staff with incoming calls. Monies collected by the bridge letter flow directly to the practice, with no commission paid to FCS.

“The key to the whole thing is they aren’t spending any money for my time and to get those letters out,” says Gizella. “And we are getting those accounts into the office within 90 days. We can run the numbers at the end of any month and show the practice that more money is coming in to the office. The result is a cleaned up A/R, virtually no accounts more than 90 days old and a system in place that they can use forever.”

For their part, FCS not only builds a solid, trusting partnership with RecoveryAssist™ but, with a system in place, they can also be ensured of some consistency in the turnover of accounts. Even if there is a change in the billing staff, a client office using RecoveryAssist™ is going to consistently move past-due accounts over to FCS for collection. And if FCS receives accounts in a timely manner, they are more likely to be able to collect.

“One of the few truisms in the collections industry is that the older the account becomes (age of the account), the less likely that you are going to collect,” says Nuck. “If we can move the time that we receive the account to not older than 90 days, the rate of recovery is going to go up and the client is going to make more money.”

Their approach may be unconventional, but FCS and the RecoveryAssist™ program have been well received by the medical community. Gizella says a full 95% of her new clients now come from word-of-mouth referrals. And, as they reduce their outstanding A/Rs and recover more of the money they are owed, new client practices become long-term clients.

“Bill people will say that life has just gotten so different because now they can enjoy their job,” says Gizella. “It takes so much of the stress out of billing. We shrink their accounts receivable down until it’s very, very manageable. With this system that we set up internally, they can go back to the physician and show exactly what steps have been taken to collect the outstanding balance in-house. The physician can then clearly justify moving it to the next step.”

Contact Financial Control Solutions for more information about their full service accounts receivable management solutions.

Testimonials

“Working with Suzanne and Financial Control Solutions with RecoveryAssist™ has proved to be a great benefit for our business. They have assisted us in getting better control of overdue accounts and helped us increase the capture of these accounts, thus increasing our revenue. It is a pleasure working with them.”

-Peg Vick, Office Coordinator, Surgical Specialists of Dodge County

“We started our association [with FCS] at a critical time in our practice, taking the billing away from a large corporation and brining it in house. We are now in very strong control of our accounts receivables due in part to the support and structure of RecoveryAssist™. It is comforting to know that, when needed, FCS will help collect our outstanding balances with the same courtesy and respect we give our patients in the office.”

-Tari Schulte, Office Manager, Medved ENT, S.C.

Suzanne has made a positive impact for our clinic. She is extremely knowledgeable in this area and presented the product to our physicians in a professional manner. The process works and we have already seen results. We only expect to continue to decrease our AR and hear responses from our patients due t this “pink letter.”

-Nancy Rabideau, Administrator, NeuroSpine Center of WI, S.C.

After reviewing the accounts that have been worked on since [Suzanne’s] initial visit, it has been determined that we have collected $15,346.78 from the patient aging. Your input and guidance helped us implement a ‘tighter’ collection policy and has empowered the billing staff. I appreciate their determination and high-energy style.

-Gail Oninski, Office Administrator, Shoreview Pediatrics, S.C.

In the short amount of time we have been with FCS we have already collected over $1,500. At first when I heard how they do their collections, I was skeptical. It sounded too easy. But it is working wonderfully and we are getting our AR cleaned up very quickly. Suzanne is wonderful to work with and very, very helpful.

– Rhonda Davis, Bone & Joint Surgeons, Ltd./Mokena Family Physicians, LLC

Slide 1

Slide 2

Slide 3

Slide 4

Monthly Archives: April 2013

Red Flag Rules — With a Little Help From Our Friends

Check Deposits at the Speed of Light

MEDICAL A/R MANAGEMENT: An Innovative Approach to Ensuring Profitability