In-House or Outsource? The Proverbial Quandary
Compelling Considerations for Outsourcing

Bellinger Moody, RHIA, CPC
Chief Compliance Officer, MiraMed Global Services, Inc., N. Augusta, SC

The question of whether to outsource your anesthesia billing and revenue cycle management (RCM) operations or keep the processes in-house is one pondered by many anesthesia providers and practice managers. Approximately ten years ago, the decision-making process to keep your billing in-house would not have required anywhere near the considerable process analysis, risk assessment and thought that must be considered in today’s anesthesia billing environment. The right answer as to whether or not to outsource is contingent upon many factors: (1) cost; (2) risk/liability; (3) control; (4) return on investment; (5) size of local labor market; (6) state of your practice’s financials; and, in some instances, (7) age of your business. Consequently, the three most heavily weighed factors are cost, risk/liability, and control. As a result, the focus of this article will be on those three factors.

Cost

It is common knowledge that in-house billing expenses associated with recruiting, training and retaining quality anesthesia billers and coders, paying their salaries, covering their benefits, as well as leasing or purchasing billing software platforms, are higher than those associated with outsourcing to a third-party billing company. Typical anesthesia billing and revenue cycle management costs include:

1. Labor/Anesthesia Billing Staff: annual costs include median salary, healthcare, federal and state taxes, training to keep updated on anesthesia billing industry changes
2. Office Space & Supplies: monthly costs for office space, statement paper, general office supplies, office hardware and other miscellaneous costs
3. Software and Hardware: upfront cost and/or monthly leasing cost of software system for billing, practice management software, and computer and printer hardware costs
4. Direct Claim Processing: monthly clearing house fees

Most national anesthesia billing companies have their own proprietary software platforms (for which costs are lower due to the fact that many have been in place for some time and the only common costs are maintenance and updates, over which they have control). In addition, the volume of claims processed by national anesthesia billing companies is usually considerably higher than a practice that performs its own billing. Consider also that many vendors such as clearing houses, statement companies, office supply companies, healthcare insurers, etc., provide discounted rates to large national RCM firms, which typically translates into lower overall business costs. Based on a five-year data sample obtained from practices that have transitioned from in-house billing to MiraMed subsidiary Medac, anesthesia practices spend between 6.5 percent to 11 percent of their collections to perform their own in-house billing. Outsourcing anesthesia billing reduces that cost—often significantly—as there is no need for billing staff or space for a billing department.

Another significant cost consideration is that of compliance. With frequently changing regulations and new laws enacted on at least an annual basis, compliance costs have increased exponentially. The most significant contributor to increased compliance cost is data security. As evidenced by the recent data breach experienced by insurance giant Anthem (previously Wellpoint) in February 2015, security of PHI (personal health information) is a significant challenge for all covered healthcare entities. Another contributor to increased compliance cost is security and protection of patient credit card information. The major threat of data breaches posed by hackers (cybercrime) has created these increased costs, which include: hardware, software, ongoing education and training, policy implementation for internal controls, and testing.

Risk/Liability = Compliance

The last 15 years have seen the most significant changes in healthcare law. With new or enhanced healthcare legislation such as: (1) Information Transparency and Personal Data Control Act (ITPDCA); (2) 21st Century Cures Act Information Blocking Rule; (3) ACA (Affordable Care Act), Enforcement of HIPAA’s Administration Simplification Portion; (4) HITECH Act (Health Information Technology for Economic and Clinical Health Act); (5) TCPA (Telephone Consumer Protection Act); (6) FERA (Fraud Enforcement Recovery Act); (7) MMA (Medicare Modernization Act Section 306); (8) DRA 2005 (Deficit Reduction Act of 2005); (9) TRHA Section 302 (Tax Relief and Health Care Act Section 302); as well as (10) the expansion and creation of new government agencies and contractors such as RACs (Recovery Audit Contractors), MICs (Medicaid Integrity Contractors), and ZPICs (Zone Program Integrity Contractors). The cost involved with doing your own anesthesia billing has skyrocketed, and the compliance risks have more than tripled.

Although cost and control are significant factors to consider when weighing in-house billing vs outsourcing, the single biggest threat for billing entities today is compliance. Healthcare fraud and abuse enforcement is still at center stage as a huge money-maker for the government. The 2014 HCFAC (Health Care Fraud and Abuse Control Program) Report revealed that the government is making $7.7 for every dollar they spend in this area. As such, it should come as no surprise that the Department of Justice (DOJ) issued an Interim Final Rule on June 30, 2016 that doubles the amount of penalties under the False Claims Act (FCA) and the Anti-Kickback Statute (AKS).

The current penalties range from $5,500 – $11,000 per false claim. However, effective August 1, 2016, FCA penalties increased from a minimum of $10,781 per claim to a maximum of $21,563 per claim and the AKS penalties increased to $21,563 per occurrence. The DOJ allowed a comment period that ended on August 29, 2016; however, due to abstinence by congress, these penalties under the FCA and AKS have doubled.

Clearly, healthcare fraud and abuse are still major compliance risk areas; however, we no longer exist in a billing environment where regulatory billing compliance is the only major compliance risk factor. The days of anesthesia compliance professionals worrying mostly about whether anesthesia services were appropriately documented, coded, billed and collected (in accordance with OIG, DHHS, federal payer and third-party payer policies and guidelines) are long gone. Healthcare compliance professionals have identified data security as the single most formidable compliance risk area for healthcare organizations, healthcare providers, payers and billing entities. The two major data security risk areas:

1. PHI (Personal Health Information) Data Security/Compliance: With cybercrime and hacking at all-time highs, data security is now considered to be the single most critical compliance risk area by healthcare compliance professionals. In fact, the current cybercrime environment has created the justifiable need for a totally new senior level executive position — CISO (chief information security officer). The CISO is a senior-level executive responsible for aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected. Salary.Com reports that the median annual chief information security officer salary is $196,027, as of August 29, 2016, with a range usually between $164,816-$237,026. However, this can vary widely depending on a variety of factors. The question you may now be pondering is “can I really afford a CISO?” The real question you should be pondering is “can I afford NOT to have a CISO?” The HITECH Act sets federal penalties on healthcare companies that leak data on 500 patients or more as high as $1.5 million per incident. For all other industries, the Health Insurance Portability and Accountability Act imposes stiff civil and even criminal penalties for those responsible for data breaches. So, why are these penalties for breaches of personal health information so high? According to a September 24, 2014 article published in Technology News, by Caroline Humer and Jim Finkle, “your medical information is worth 10 times more than your credit card number on the black market.” Personal health information contains names, birthdates, policy numbers and medical record numbers that may contain social security numbers as a part of their nomenclatures. The bottom line is that fraudsters are much more attracted to PHI than financial information because of the opportunity for identity theft. Why steal credit card information when they can steal your identity? Cybercriminals are selling this information on the black market at a rate of $50 per patient chart. The question most anesthesia in-house billing operations must now also weigh is whether they want to take on the added risks and costs associated with maintaining and securing PHI or pass the overwhelming majority of that risk on to an outsourced billing business partner that has the infrastructure, resources and controls to better assume these risks.
2. Payment Card Industry Data Security Standard Compliance: The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card companies including Visa, MasterCard, American Express, Discover and JCB. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external qualified security assessor (QSA) or by a firm-specific internal security assessor (ISA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by a Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes. Validation of PCI DSS compliance is an area that many in-house and smaller billing entities neglect; however, if a credit card breach occurs (e.g., by hacking or a dishonest employee), this validation could mean the difference between hundreds of dollars in fines, millions of dollars in penalties and damages, or even prison time. Once again, this is now another major compliance risk area that must be weighed when deciding whether to keep the billing in-house or outsource.

Control

Many providers and administrators like having hands-on control of financial operations through in-house billing. Much of the anxiety about relinquishing control centers around five key areas: (1) collections performance; (2) compliance; (3) appropriate staffing; (4) accessibility/proximity; and (5) A/R management. All of these anxieties may be addressed contractually with collections performance and A/R management guarantees and clauses, staffing guarantees, as well as auditing requirements to ensure compliance. Some billing companies are even willing to reduce your monthly fee and reallocate the funds toward an external auditor of your choice. Additionally, as with most outsourced billing agreements, billing companies are contractually obligated to follow up on all unpaid and denied claims.

Due to rapid advancements in technology, accessibility and/or proximity fears have become less and less significant in the decision-making process. Many national outsourced anesthesia billing companies supply you with comprehensive performance reports—on demand—via web portal, and/or upon request. This capability provides unparalleled visibility into your billing operations without requiring you to micromanage—or even oversee—any staffers. Comprehensive reports are wonderful; however, having access to information and images all the way down the individual patient account level is absolutely vital. Specifically, having individual patient account web-portal access to view: (1) images (i.e., EOB, anesthesia record, patient demographic, claim form); (2) billing and coding information (i.e., patient name, insurance company name, CPT codes, anesthesia start and end time entered in the system, etc.); (3) line item account transactions and postings (i.e., payments, adjustments, credits, etc.); (4) unpaid and underpaid claims follow-up activity notes; (5) unpaid patient balance follow-up activity/notes; and (6) patient statement activity/notes provides you with total transparency. You now have all the necessary tool to instantly audit your outsourced billing company. Total patient account transparency is one of the most important considerations in the decision-making process when weighing the control factor. Last, but not least, proximity issues may be contractually addressed by requiring billing company presence at monthly or quarterly group meetings.

Conclusion

As previously mentioned, cost, liability and control are commonly the most heavily weighed factors when deciding whether to outsource your anesthesia billing operations. Aside from clinical services, billing and revenue cycle management are the most important processes of your practice. Your cash flow depends on them, so the decision of how to handle these services should not be taken lightly. You should do assessments of your practice’s costs, risks, staffing and volume metrics to determine what is right for you.

Although cost and control are two primary factors that must be carefully assessed, in the current healthcare fraud and abuse/cybercrime environment, I cannot emphasize enough how absolutely critical it is—now more than any other time in your practice’s history—that you more thoroughly assess your practices’ liability/risk (in relation to these two areas) in weighing your decision to outsource.

Finally, it is important for anesthesia practices/providers to factor in their individual costs and preferences when deciding whether or not to outsource. In an apples-to-apples comparison, most are now determining that outsourcing is their best option from a cost perspective. However, as stated throughout this article, cost is NOT the only issue anesthesia practices should consider. There are many other factors involved in this business decision that may be as important as cost. You must weigh all factors to determine which option is best for your practice.

Bellinger Moody, RHIA, CPC is Chief Compliance Officer for MiraMed Global Services. With over 30 years of experience in the healthcare industry and 25 years of experience in anesthesia and pain management billing, coding, reimbursement, education and management, Mr. Moody is a nationally recognized expert in the industry. Prior to this position with parent company, MiraMed Global Services, Moody served as Chief Compliance Officer, CEO and President of MiraMed subsidiary Medac. Mr. Moody has a Bachelor of Science in Business Administration from Morehouse College. He is a nationally Registered Health Information Administrator (RHIA) through the American Health Information Management Association (AHIMA), a nationally Certified Professional Coder (CPC) through the American Academy of Professional Coders (AAPC), a nationally Certified Compliance Professional (CCP) through the Healthcare Fraud & Abuse Compliance Institute, an AAPC Approved Professional Medical Coding Curriculum (PMCC) Coding Instructor and a member of the Medical Group Management Association (MGMA). He can be reached at bellinger.moody@miramedgs.com.