“From measles to mumps, sprained knees to broken bones, heart attacks to surgery, he was ever present, reassuring and helpful. We never worried…. Some would say it was his job, his profession, his duty to be there. We look at it differently. We weren’t a dollar sign – we were people in need.” – from Family Practice Stories by Richard D. Feldman, MD.
Even the idea of serving the medical profession can be daunting – medical professionals often seem exalted in our minds. And doctors are not always the easiest people to work with. “Sometimes they can be really high maintenance,” said Kristy Monahan, principal at Seattle-based Dynamic Bookkeeping. “If you have the patience to cut through their ego, you can drill down and show them something they didn’t know in a financial statement, you’ll have that ‘aha moment.’ Running a business is a whole different skill than practicing medicine. My goal is to be able to help in that regard and become more of a partner in the clinic. It can be really rewarding.”
Dynamic Bookkeeping specializes in serving medical practitioners – doctors, dentists, orthodontists, chiropractors, physical therapists – and one of the biggest challenges is dealing with Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules. “HIPAA went into effect in 2009 – it’s been almost a decade – and a lot of things have changed since then,” explained Monahan.
You know what it’s like to work with your client, studying financial statements, preparing tax returns, analyzing performance, considering recommendations, monitoring workflow, calculating turnaround of accounts receivable – you do some part of this every day, and there are software tools to help with every aspect of these tasks. But imagine trying to accomplish all of this work with the virtual equivalent of one hand tied behind your back.
“HIPAA is so important to understand – a lot of doctors don’t even understand it. The biggest challenge is helping people understand that personally identifiable information such as what you would normally find in QuickBooks Online is not HIPAA compliant. You can’t drill down by patient, the reporting is different; you can’t even drill down by insurance companies. For example, you can’t input, ‘Jane Doe came in and paid this much for this service,’” said Monahan.
Intuit has addressed the situation in its support community: “Currently, QuickBooks Online (QBO) meets industry standards for online security, but it is not compliant with the HIPAA standards for privacy. If you are a health care professional using QBO, it is not recommended that you enter in ‘individually identifiable health information.’ …For more information on the subject, as well as to seek legal advisement regarding this issue, go to: http://www.hhs.gov/ocr/hipaa/.”
Monahan mentions that if you are providing services to the medical community, you might be asked to sign a Business Associate Agreement (BAA). According to the AICPA Insights blog, the BAA deals with your responsibilities as a business associate under HIPAA with regard to Protected Health Information (PHI). The HIPAA Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate – which would include the accountant – in any form or media, whether electronic, written, or oral. Patient names, addresses, social security numbers, and medical records are protected.
Areas of risk include patient billing data, accounts receivable detail, write-offs to doubtful accounts, and even the general ledger and journal entries. Recommendations for the medical service provider include using summaries or using only patient account numbers on records and not any identifying information.
The BAA shifts the liability for protecting a client’s privacy from the medical service provider to the business associate signing the agreement (in this case, the accountant). The AICPA recommends that accounting professionals sign a BAA only if the engagement they are performing specifically requires access to PHI. The AICPA also recommends:
- If you’re not 100% certain your electronic systems comply with the HIPAA Security Rule, ask the client to specify in the BAA that you will only receive printed copies and you will not convert them to electronic format.
- If you determine that electronic access to PHI is necessary for your engagement, keep in mind that any cloud-based software or data storage provider that you will use to process, transmit or store the electronic PHI will also need to sign a BAA.
Monahan follows the AICPA suggestions in her practice and recommends that her clients summarize their information so that she does not have access to any PHI. “I had a psychologist who came up with a lettering system that didn’t give away any information regarding her clients. She could use the accounts receivable module in QuickBooks Online and she knew what the codes meant but no one else did. There were no social security numbers, no chart numbers, just her own code and that works for her,” said Monahan.
Beyond accounting, Monahan enjoys helping her medical service clients with marketing their practices. “It doesn’t occur to them – the marketing campaign can help drive in business.”
See inside March 2017