This is the second of two parts dealing with compliance and your partners. You can read part one, “Compliance and Your Partners: Is Everyone Doing Their Part?” by clicking here.

The US Department of Health and Human Services last year released the HIPAA Omnibus Regulations, which among other things codified the relationship between healthcare providers and their partners.

The new regulations could be summed up in one sentence: A healthcare provider’s partners must function in the same manner as the provider, and to make sure, the provider is ultimately responsible for the actions of their respective partners.

To be compliant, providers and their partners must work more closely than ever before. And the two keys to that relationship and to maintain compliancy require following two major precepts: transparency/visibility and information security.


When it comes to patient accounts receivable, the more seamless the transition from provider to partner and back, the better the experience of the patient and the lower the risk that one or the other may find themselves out of compliance.

More than ever healthcare providers must have visibility into the systems of their partners to make certain they are following HIPAA or the Patient Protection and Affordable Care Act regulations to the letter. There is no longer any such thing as a clean handoff, where a patients account is passed to a third party and the healthcare provider “hopes” that nothing goes wrong.

At ProSource, we take a different approach to providing our providers with the assurance we are compliant with their patient accounts. Rather than maintaining separate patient account receivables systems, instead we use the same systems as the providers.

Because we work on patient accounts using our clients’ systems, they have complete transparency into our activities on their behalf and in real-time. There are numerous advantages to this approach. For one, when a patient calls the provider with a question about a bill, our provider partners have visibility into our activities on that account. It also means that the experience for the patient is seamless.

While the approach has numerous advantages, it requires an added emphasis on the second facet of compliance: information security.

Information Security

Because we work in the client system, our staff must work in a secure environment. In fact, our offices are far more secure than the counterpart offices in the majority of our clients.

Under HIPAA, an information breach by a provider’s partner carries the same prosecutorial weight as if the breach had occurred by the provider. With fines for some breaches reaching millions of dollars, securing critical data has become paramount.

At ProSource, not only do we have highly secure environments, but we also enforce that security in the behavior of our employees who work on partner accounts. Employees are not permitted to bring cell phones or other similar electronic devices (such as cameras) into secure environments.

One of the biggest advantages of this approach is that data never leaves our clients. Those providers who still use partners that require transferring patient accounts receivable must now practice due diligence to insure those records are well protected. This may include regular site visits of partner facilities and regular security audits. In fact these are good practices for any provider and their partner.

The more transparent the relationship between the provider and partner, combined with best practices when it comes to information security, is the recipe for a patient accounts receivable system that not only protects the provider, but should also increase overall patient satisfaction.

Roberta Schultz, director of operations for ProSource, an Array Services company, has over 23 years of healthcare Revenue Cycle and A/R Management experience which includes managing various revenue cycle projects for multiple healthcare facilities including physician, hospital, and healthcare organizations.

Next Article: Major Moves in the Debt Purchasing World. ...