At Quadax, we recognize our position of great responsibility, as a supplier of compliant revenue cycle solutions, with regard to the security and privacy of our clients’ data, and we take that responsibility very seriously. For this reason, Quadax invests in infrastructure as well as in measures designed to continually enhance security, privacy, availability and data/processing integrity.
Business Continuity & Disaster Recovery
The Quadax private cloud uses dual, geographically diverse, Tier 3 N+1 data centers to offer a robust infrastructure to mitigate any issues with the performance of our hosted software solutions and ensure the greatest uptime availability. Our data centers feature redundancies in circuitry and connectivity with different carriers. Environmental controls include UPS, HVAC, fire suppression, generator, redundant access points to the buildings, and alarming.
Quadax regularly reviews and tests our Business Continuity and Disaster Recovery Plans to determine the ability for the Company to respond to recovering operations in light of a disaster or unplanned event. Tests are reviewed carefully and corrective actions, if necessary, are executed diligently within reasonable timeframes.
Quadax Compliance Statement
Quadax considers compliance to be a process rather than a task that can be marked completed. We work on compliance every day, monitoring new regulatory requirements, establishing internal policies, educating our employees, enforcing standards, and implementing enhancements to our software systems. Compliance takes the focus and commitment of the entire organization and is ingrained in our culture. Our compliance plan encourages the prevention, detection, and resolution of any conduct that is in violation of state or federal regulations.
The Quadax Corporate Compliance Officer is responsible for planning, development, and oversight of HIPAA-mandated and OIG- recommended compliance guidelines.
The Compliance function has a program that is reasonably designed to mitigate compliance issues and regulatory risks. This function provides timely and practical guidance on various matters related to healthcare compliance issues. Training sessions are provided to staff members to keep them apprised of regulatory and compliance matters as well as related policies and procedures. Overall, the department assists in promoting a culture of compliance that includes fostering an environment of open communication.
The Compliance Officer at Quadax reports directly to the President and oversees the compliance program, monitors regulatory requirements, establishes applicable internal policies, and educates and trains employees.
Quadax is required to maintain compliance with all applicable state and Federal regulations. The corporate compliance program is structured based up on the Office of Inspector General’s Compliance Program for Third-Party Medical Billing Companies and specifically addresses the Federal Sentencing Guidelines. This program includes a compliance reporting hotline for employees.
HIPAA and HITECH Compliance
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) established national standards for electronic healthcare transactions and for the security and privacy of healthcare data. It also required national identifiers for providers, health plans, and employers. The goal was to reduce costs and improve the efficiency of the healthcare system by standardizing and encouraging the electronic exchange of data. The initial compliance deadlines for most of the provisions in HIPAA have passed. The Health Information Technology for Economic and Clinical Health (HITECH) Act imposed new healthcare compliance obligations relative to privacy and security, and breach notification.
As a business entrusted with protected health information and required to distribute that information electronically to other business partners, we understand our obligations under the HIPAA statute. We have made every effort to conform to those rules and regulations by modifying business procedures and computer systems to incorporate compliance requirements by the specified deadlines for Transaction Standards and Code Sets, Privacy Standards, Identifiers, and Security.
The Quadax HIPAA Security Official is Gene Calai. Quadax has implemented measures to prevent unauthorized access to protected health information, including these:
- Administrative procedures. Our HIPAA Security Official has established formal procedures regarding the security of protected data.
- Physical safeguards. Quadax production systems are housed in an SSAE-18 audited data center that is protected via FM-200 fire suppression, video camera surveillance, and 24x7 staff. Diesel generators producing 2.5 Megawatts of power, with 4,000 gallons of backup fuel, redundant UPS with 900kVA capacity and 540 tons of HVAC ensure that our servers are running cool. Physical entry into the Quadax corporate and branch offices is managed by an electronic access control system.
- Technical measures. The software used for our healthcare billing and clearinghouse operations has multi-level operator security controls and transaction logging with audit trails of activity. The Quadax Web site uses SSL encryption technology to protect the transmission of data over the Internet.
Quadax has established internal guidelines and procedures to assure that no individual protected health information is disclosed except to authorized parties. Formal policies govern the conduct of employees regarding the confidentiality of patient information and specify penalties associated with breaches of such conduct.
Quadax has invested considerable effort in following the OIG’s Compliance Program Guidance for Third-Party Medical Billing Companies as well as other state and federal requirements.
Some of the steps we have taken are:
- Designating a Corporate Compliance Officer, Catherine Sicker, and documenting a formal Compliance Plan
- Establishing, documenting, and enforcing our internal Policies and Procedures
- Conducting training sessions with all new employees on compliance policies and consequences for violations
- Establishing procedures for monitoring changes at CMS and third party payers and disseminating this information to the appropriate parties
- Instituting software modifications and internal policies to assist our clients with compliance with the Unclaimed Funds Laws of various states
- Implementing procedures to check for HARP/PAS providers, Quadax employees, and vendors excluded from participation in Federal health care programs by the OIG and the General Services Administration
- The Company has a hotline that employees can use to report any concerns with respect to possible violation of company policies, including suspected ethical violations, accounting irregularities, financial misstatements, loss of assets, hostile work environment claims or potential illegal acts and compliance-related activities.
Quadax is fully committed to maintaining compliance with all state and federal regulations, and we have established systems and practices to accomplish that goal. Our A/R Services business lines, including HARP and Revenue Cycle Management, incorporate these and other compliance strategies:
- Editing for duplicate claims for Medicare Part A
- Editing claims according to the Correct Coding Initiative for pairs of services that should not be billed on the same claim because they are mutually exclusive or comprehensive/ component (Column 1/ Column 2) services
- Ensuring that valid diagnosis codes, CPT © Codes, and HCPCS are provided by the billing source for each test and are included on all claims.
- Checking procedure/diagnosis code combinations on claims for medical necessity according to LCD/NCD policies and supporting Advanced Beneficiary Notifications (ABNs)
- Enforcing the Medicare three-day payment window rule before a claim gets into the system. For HARP users, reports are generated so that these charges can be posted to the patient's inpatient account in the hospital billing system.
- Reviewing Medicare communications to identify all policy, procedure, and system changes that are required to conform to CMS billing standards and mandates. An insurance committee meets monthly to conduct the review.
Quadax Code of Business Conduct
The Quadax Inc. Compliance Program is intended to demonstrate the absolute commitment of the organization to the highest standards of ethics and compliance. That commitment permeates all levels of the organization. Quadax Inc. upholds and requests its employees, clients, and vendors to use and promote ethical business practices in the pursuit of excellence.
Quadax Inc., to the best of our ability, strives for compliance with all laws, regulations, and rules that apply to our business, and is committed to prepare and submit accurate claims consistent with such requirements. It is our intention that all employees understand how to do their jobs properly within applicable legal, regulatory, and ethical standards. We all share the responsibility of diligently seeking to prevent, detect, and report any unethical, illegal, or other inappropriate conduct.
Quadax Inc. is committed to treating all persons with respect, dignity, and fairness. We intend to display good judgment and high ethical standards in our business decision making and to conduct business with honesty, fairness, and integrity.
The Code of Business conduct (the “Code) applies to all employees. New employees receive a copy of the Code when they begin working for Quadax. A new employee is required to read the Code and sign an acknowledgement that they understand the Code and will comply with it. The Code provides a framework for employees to make good decisions when faced with ethical questions. While not intended to be comprehensive, the Code covers a broad range of topics. Key areas of the Code cover personal responsibility and accountability, including honesty and compliance with laws, rules and regulations. Other major areas in the Code address conflics of interest, gifts, discrimination and harassment, privacy and confidentiality, and the use of Company assets. Annually, existing employees are asked to re-read the Code annually to acknowledge that they understand and comply with the Code.