Nonprofit Healthcare Payer Detecting Dirty Data to Prevent PHI Breaches and Fines

This nonprofit healthcare payer is a key player in multiple states along the East coast. With more than 30 years in the business, the payer employs 1,500 people and serves more than 700,000 members, offering a variety of plans including HMO, PPO, FSA, HSA, HRS and Medicare. The organization is also a leading provider of ASO (Administrative Services Only) contracts, providing third party administration services while assuming no risk for claims payments.

Similar to many other organizations of its kind, this healthcare payer had a very complex and disparate flow for processing and adjudicating claims. As shown in Fig. 1, claims entering the organization landed in a staging area, and then fed into a claims database where they were sent for adjudication. During this process it was determined if claims were ready to move to the payment system or if they needed to be flagged and reprocessed.

It was critical that claims flagged for reprocessing not continue through to the payment system; however, this analysis required manual review and approval.

As a successful ASO provider, this organization understood that processing of client data was under strict compliance with Health Insurance Portability and Accountability Act (HIPAA) regulations for Protected Health Information (PHI). Federal and state laws require that anyone with access to PHI take critical steps to protect patient privacy, including transmission and maintenance of any “individually identifiable” information, such as a patient’s identification number, demographics, physical or mental health, or payment of healthcare services.

The HIPAA Standard for Privacy of Individually Identifiable Health Information (HIPAA Privacy Rule) defines what information is protected and under what circumstances it can be used and disclosed. Healthcare organizations understand there is an inherent risk of provider information being altered
during claims processing. If this were to occur, claims could mistakenly be paid to incorrect providers, resulting in a PHI breaches. Significant fines have been associated with such breaches.

Read how this Nonprofit Healthcare Payer tackled compliance with strict HIPPA patient privacy regulations to avoid PHI breaches and fines.