Compliance

We recognize that the healthcare industry is in a state of constant change in laws, regulations and other government requirements, reimbursements and payor requirements, and commercial and patient expectations. We provide software as a service (SaaS) that enables our customers to comply with applicable legal and contractual obligations. We also provide services that make compliance by our customers easier and reduce the compliance concerns that they have to consider.  

XIFIN RPM Software & Services Compliance

Logic
  • Simple configuration of required claims documentation
  • Payor configurations allow for financial integrity, payor contract adherence and automated compliance
  • Key compliance rules and logic
  • System templates provide guidance on standard industry documentation
Workflow
  • Enforces configured requirements and limits processing/clerical team’s ability to circumvent those requirements without management input
  • Required coding and documentation enforced by system workflow
  • Workflow design to optimize payor billing prior to billing patient
  • Workflow to minimize clerical decision making and unnecessary re-submissions
  • Key compliance alerts flagging and logging potentially non-compliant actions for audit logs and review
Audit Trail
  • Source documentation retention for each claim
  • Data and referential integrity maintained for auditing
  • Logging to support customer compliance audits
  • Audit log for system changes
Top-Tier Data Centers
  • Top ratings from Uptime Institute
  • Redundant services and connections
Secure Communications
Backup & Archiving Designed to Achieve Recovery Objectives
Security Measures Reflecting NIST Cybersecurity Framework

We provide services for our XIFIN RPM software customers that make their compliance efforts easier, including: 

Data Resources Maintained Current for Use Through XIFIN RPM Software
  • Maintenance of ICD Codes
  • Maintenance of CPT/HCPCS Codes for use by customers who have licensed appropriate rights from AMA
  • Timely updates of LCDs and NCDs
  • Medicare and Medicaid Fee Schedules
  • ABN formats
  • Correct Coding Initiative Edits
  • CMS Outpatient Code Editor updates
  • NPIs
  • List of Excluded Individuals and Entities
  • Eligibility Services Interface
  • Remittance Advice and Adjustment Codes
Data Processing
  • Front-end rejections and denials
  • Updates to front-end editing database
  • Nightly extracts
Customer Support & Consulting Services
  • Our help desk provides assistance with the use of our XIFIN RPM software, including its compliance features
  • We have consultants available to assist our customers in refining their use of our XIFIN RPM software and their related workflows to enhance their compliance programs
Privacy & Security Compliance
  • Our systems comply with the applicable requirements of HIPAA and other privacy and security laws
Full Business Intelligence Capabilities
  • We provide business intelligence capabilities within our system and through extracts from our system
  • Customers can use custom and ad hoc reporting to strengthen their compliance programs
Standard Reporting Library
  • We provide a standard library of reports to facilitate our customers’ revenue cycle management, including their auditing and monitoring activities

Outsourced Billing Services & Compliance

Many of our customers prefer to have XIFIN provide outsourced billing services, further reducing their compliance concerns:

Reduces fraud, waste and abuse risk
  • Electronic transfer of data
  • Our trained team, our established procedures
  • Our compensation program minimizes this risk
  • Our monitoring and auditing
  • Eliminates pressures on internal billing team
Enhances privacy and security compliance
  • Our HIPAA training and procedures
  • Our technical measures
  • Our auditing and monitoring

XIFIN Information Management & Collaboration Software

Our information management and collaboration software, including XIFIN ProNet and our LIS (XIFIN LIS), is provided as SaaS to reduce the compliance activities required for its users.

Access & Collaboration
  • Customer controlled user access
  • Information sharing in a compliant system
  • Professional collaboration that can demonstrate compliance
Documentation
  • User access management
  • Logging
  • Documentation of information and collaboration activities
  • File integrity
Compliance
  • HIPAA compliant environment
  • Simplified auditing and monitoring

XIFIN maintains a compliance program designed to exceed legal requirements and demonstrate the highest level of ethics and legal compliance by our workforce and our company in all of our activities.

XIFIN's Compliance Program

Our compliance program is based on an annual assessment of the relevant compliance risks to XIFIN based on its business activities and environment. Given our role as a leading provider of revenue cycle management (RCM) software and services, and information and collaboration systems, our compliance program prioritizes fraud, waste and abuse compliance and data privacy and security compliance, while recognizing our other compliance obligations throughout our organization.

Our compliance program begins with the seven factors required for an effective compliance and ethics program as described by the Office of the Inspector General (OIG) and the Federal Sentencing Guidelines:

Standards and Procedures

We have developed our Standards of Conduct to guide the performance of our workforce and establish our expectations for the highest level of ethical and lawful conduct.  We maintain written policies and procedures appropriate for our business and the compliance risks we have identified.  

Oversight

We have established a Compliance Committee that oversees our compliance activities and that guides the activities of our Compliance Officer and their team.  Our Compliance Committee’s charter includes a review of our business annually to identify the material enterprise compliance risks in our business, and the responsibility to maintain appropriate compliance program features regarding such risks.  Our Compliance Committee is chaired by our General Counsel, Marty Barrack, who brings a deep background in compliance and a number of well-recognized certifications in compliance.  Our Compliance Committee reports directly to our CEO, Lâle White, and our Board of Directors.  

Our compliance program is implemented and managed by our Compliance Officer, Bill Floeter, an experienced computer security professional holding a CHPS (Certified in Healthcare Privacy and Security) from the American Health Information Management Association (AHIMA).  Bill has a team of skilled professionals reporting to him.  Bill reports directly to our CEO, Lâle White.  

Due Diligence

We have implemented procedures to review the backgrounds of our workforce before we hire them, and while they are part of our workforce.  

Communication, Training & Education

We identify our training and education needs through a matrix approach that considers our workforce roles and responsibilities and the compliance issues relating to their specific positions.  We communicate to our workforce the importance of compliance and our Standards of Conduct, and our policies and procedures as they evolve.  

Auditing and Monitoring

We audit and monitor our activities considering the compliance risks we have identified.  We maintain a hotline provided by a third-party service for reporting of compliance concerns, and reports can be submitted anonymously.  

Enforcing Standards

We are sensitive to our “tone at the top,” and our executives consistently message the importance of compliance throughout our organization.  Compliance is considered in performance evaluations, and appropriate disciplinary measures are taken for violations of our compliance program, and our policies and procedures.  

Responding to Issues

After any compliance issue has been raised, we conduct a thorough investigation, respond appropriately to the issue, and act to prevent similar issues from arising.

Key XIFIN Compliance Activities

Fraud, Waste, and Abuse

We are keenly aware of the OIG’s Compliance Program Guidance for Third-Party Medical Billing Companies. We work internally and with our customers to operate consistently with that guidance, and to address fraud, waste and abuse compliance issues relating to our business and that of our customers.

Data, Privacy, and Security

We manage and maintain personal information protected under HIPAA and other state, federal and foreign laws. We obtain an annual third-party review of our HIPAA compliance, as well as third-party reviews of our operations. We monitor the laws and industry practices relating to data privacy and security and maintain an active program consistent with the NIST Cybersecurity Framework.