Provider’s Responsibility for PHI
To confirm Medicare eligibility and claim status, the Centers for Medicare & Medicaid Services (CMS) mandates that all physicians, billing businesses, and outsourced agencies use the Medicare Administrative Contractor (MAC) eServices tool or the Interactive Voice Response (IVR) system. However, it is becoming more common for outsourced business partners to disregard this criterion.
Inquiries from billing firms and other outsourced organizations that have neglected—or outright refused—to utilize one of CMS’s required automated systems have increased. Furthermore, it has become more common to receive calls from representatives who are unfamiliar with fundamental Medicare coverage or billing standards, requiring MAC advice and repeated explanations.
Therefore, providers should cautious when outsourcing their billing. Provider should confirm that their partners are following the proper communication channel and following Medicare rules and requirements. It is important to verify processes. Provider is accountable for any protected health information (PHI) or HIPAA breaches. Provider should be liable for penalties if any violation or breaches occurred.