We recognize that the healthcare industry is in a state of constant change in laws, regulations and other government requirements, reimbursements and payor requirements, and commercial and patient expectations. We provide software as a service (SaaS) that enables our customers to comply with applicable legal and contractual obligations. We also provide services that make compliance by our customers easier and reduce the compliance concerns that they have to consider.
XIFIN RPM Software & Services Compliance
We provide services for our XIFIN RPM software customers that make their compliance efforts easier, including:
Outsourced Billing Services & Compliance
Many of our customers prefer to have XIFIN provide outsourced billing services, further reducing their compliance concerns:
XIFIN Information Management & Collaboration Software
Our information management and collaboration software, including XIFIN ProNet and our LIS (XIFIN LIS), is provided as SaaS to reduce the compliance activities required of its users.
XIFIN maintains a compliance program designed to exceed legal requirements and demonstrate the highest level of ethics and legal compliance by our workforce and our company in all of our activities.
XIFIN's Compliance Program
Our compliance program is based on an annual assessment of the relevant compliance risks to XIFIN based on its business activities and environment. Given our role as a leading provider of revenue cycle management (RCM) software and services, and information and collaboration systems, our compliance program prioritizes fraud, waste and abuse and data privacy and security compliance, while recognizing our other compliance obligations throughout our organization.
Our compliance program begins with the seven factors required for an effective compliance and ethics program as described by the Office of the Inspector General (OIG) and the Federal Sentencing Guidelines:
Standards and Procedures
We have developed our Standards of Conduct to guide the performance of our workforce and establish our expectations for the highest level of ethical and lawful conduct. We maintain written policies and procedures appropriate for our business and the compliance risks we have identified.
We have established a Compliance Committee that oversees our compliance activities and that guides the activities of our Chief Compliance Officer and their team. Our Compliance Committee’s charter includes a review of our business annually to identify the material enterprise compliance risks in our business, and the responsibility to maintain appropriate compliance program features regarding such risks. Our Compliance Committee is chaired by our General Counsel and Chief Compliance Officer, Marty Barrack, who brings a deep background in compliance and a number of well-recognized certifications in compliance. Our Chief Compliance Officer reports directly to our CEO, Lâle White, and our Board of Directors.
Reporting to our Chief Compliance Officer is our Vice President, Security, and Compliance, Bill Floeter, an experienced computer security professional holding a CHPS (Certified in Healthcare Privacy and Security) from the American Health Information Management Association (AHIMA). Bill implements and manages our information security and compliance program and has a team of skilled professionals reporting to him.
We have implemented procedures to review the backgrounds of our workforce before we hire them, and while they are part of our workforce.
Communication, Training & Education
We identify our training and education needs through a matrix approach that considers our workforce roles and responsibilities and the compliance issues relating to their specific positions. We communicate to our workforce the importance of compliance and our Standards of Conduct, and our policies and procedures as they evolve.
Auditing and Monitoring
We audit and monitor our activities considering the compliance risks we have identified. We maintain a hotline provided by a third-party service for reporting of compliance concerns, and reports can be submitted anonymously.
We are sensitive to our “tone at the top,” and our executives consistently message the importance of compliance throughout our organization. Compliance is considered in performance evaluations, and appropriate disciplinary measures are taken for violations of our compliance program, and our policies and procedures.
Responding to Issues
After any compliance issue has been raised, we conduct a thorough investigation, respond appropriately, and act to prevent similar issues from arising.
Key XIFIN Compliance Activities
Fraud, Waste, and Abuse
We are keenly aware of the OIG’s Compliance Program Guidance for Third-Party Medical Billing Companies. We work internally and with our customers to operate consistently with that guidance, and to address fraud, waste and abuse compliance issues relating to our business and that of our customers.
Data Privacy and Security
We manage and maintain personal information protected under HIPAA and other state, federal and foreign laws. We obtain an annual third-party review of our HIPAA compliance, as well as third-party reviews of our operations. We monitor the laws and industry practices relating to data privacy and security and maintain an active program consistent with the NIST Cybersecurity Framework.