At Quadax, we recognize our position of great responsibility, as a supplier of compliant revenue cycle solutions, with regard to the security and privacy of our clients’ data, and we take that responsibility very seriously. For this reason, Quadax invests in infrastructure as well as in measures designed to continually enhance security, privacy, availability and data/processing integrity.
Business Continuity & Disaster Recovery
The Quadax private cloud uses dual, geographically diverse, Tier 3 N+1 data centers to offer a robust infrastructure to mitigate any issues with the performance of our hosted software solutions and ensure the greatest uptime availability. Our data centers feature redundancies in circuitry and connectivity with different carriers. Environmental controls include UPS, HVAC, fire suppression, generator, redundant access points to the buildings, and alarming. (Further detail is available upon request.)
Quadax regularly reviews and tests our Business Continuity and Disaster Recovery Plans to keep up with our clients’ needs and those of our own business. Tests are reviewed carefully and corrective actions, if necessary, are executed diligently within reasonable timeframes.
Quadax Compliance Statement
Quadax considers compliance to be a process rather than a task that can be marked completed. We work on compliance every day, monitoring new regulatory requirements, establishing internal policies, educating our employees, enforcing standards, and implementing enhancements to our software systems. Compliance takes the focus and commitment of the entire organization and is ingrained in our culture. Our compliance plan encourages the prevention, detection, and resolution of any conduct that is in violation of state or federal regulations.
The Quadax Corporate Compliance Officer is responsible for planning, development, and oversight of HIPAA-mandated and OIG- recommended compliance guidelines. If you have any questions, please contact our Compliance Officer by e-mail or by phone at (440) 788-2219.
HIPAA and HITECH Compliance
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) established national standards for electronic healthcare transactions and for the security and privacy of healthcare data. It also required national identifiers for providers, health plans, and employers. The goal was to reduce costs and improve the efficiency of the healthcare system by standardizing and encouraging the electronic exchange of data. The initial compliance deadlines for most of the provisions in HIPAA have passed. The Health Information Technology for Economic and Clinical Health (HITECH) Act imposed new healthcare compliance obligations relative to privacy and security, and breach notification.
As a business entrusted with protected health information and required to distribute that information electronically to other business partners, we understand our obligations under the HIPAA statute. We have made every effort to conform to those rules and regulations by modifying business procedures and computer systems to incorporate compliance requirements by the specified deadlines for Transaction Standards and Code Sets, Privacy Standards, Identifiers, and Security.
The Quadax HIPAA Security Official is Gene Calai. Quadax has implemented measures to prevent unauthorized access to protected health information, including these:
- Administrative procedures. Our HIPAA Security Official has established formal procedures regarding the security of protected data.
- Physical safeguards. Quadax production systems are housed in an SSAE-18 audited data center that is protected via FM-200 fire suppression, video camera surveillance, and 24x7 staff. Diesel generators producing 2.5 Megawatts of power, with 4,000 gallons of backup fuel, redundant UPS with 900kVA capacity and 540 tons of HVAC ensure that our servers are running cool. Physical entry into the Quadax corporate and branch offices is managed by an electronic access control system.
- Technical measures. The software used for our healthcare billing and clearinghouse operations has multi-level operator security controls and transaction logging with audit trails of activity. The Quadax Web site uses SSL encryption technology to protect the transmission of data over the Internet.
Quadax has established internal guidelines and procedures to assure that no individual protected health information is disclosed except to authorized parties. Formal policies govern the conduct of employees regarding the confidentiality of patient information and specify penalties associated with breaches of such conduct. Questions and concerns about our privacy policies may be directed to firstname.lastname@example.org.
Quadax has invested considerable effort in following the OIG’s Compliance Program Guidance for Third-Party Medical Billing Companies as well as other state and federal requirements.
Some of the steps we have taken are:
- Designating a Corporate Compliance Officer, Catherine Sicker, and documenting a formal Compliance Plan
- Establishing, documenting, and enforcing our internal Policies and Procedures
- Conducting training sessions with all new employees on compliance policies and consequences for violations
- Establishing procedures for monitoring changes at CMS and third party payers and disseminating this information to the appropriate parties
- Instituting software modifications and internal policies to assist our clients with compliance with the Unclaimed Funds Laws of various states
- Implementing procedures to check for HARP/PAS providers, Quadax employees, and vendors excluded from participation in Federal health care programs by the OIG and the General Services Administration
- Maintaining a Compliance Hotline
- In addition to these steps, Quadax has established specific procedures for Billing Compliance (see below)
Quadax is fully committed to maintaining compliance with all state and federal regulations, and we have established systems and practices to accomplish that goal. Our A/R Services business lines, including HARP and Revenue Cycle Management, incorporate these and other compliance strategies:
- Editing for duplicate claims for Medicare Part A
- Editing claims according to the Correct Coding Initiative for pairs of services that should not be billed on the same claim because they are mutually exclusive or comprehensive/ component (Column 1/ Column 2) services
- Ensuring that valid diagnosis codes, CPT © Codes, and HCPCS are provided by the billing source for each test and are included on all claims.
- Checking procedure/diagnosis code combinations on claims for medical necessity according to LCD/NCD policies and supporting Advanced Beneficiary Notifications (ABNs)
- Enforcing the Medicare three-day payment window rule before a claim gets into the system. For HARP users, reports are generated so that these charges can be posted to the patient's inpatient account in the hospital billing system.
- Reviewing Medicare communications to identify all policy, procedure, and system changes that are required to conform to CMS billing standards and mandates. An insurance committee meets monthly to conduct the review.
Quadax Code of Business Ethics
The Quadax Inc. Compliance Program is intended to demonstrate the absolute commitment of the organization to the highest standards of ethics and compliance. That commitment permeates all levels of the organization. Quadax Inc. upholds and requests its employees, clients, and vendors to use and promote ethical business practices in the pursuit of excellence.
Quadax Inc., to the best of our ability, strives for compliance with all laws, regulations, and rules that apply to our business, and is committed to prepare and submit accurate claims consistent with such requirements. It is our intention that all employees understand how to do their jobs properly within applicable legal, regulatory, and ethical standards. We all share the responsibility of diligently seeking to prevent, detect, and report any unethical, illegal, or other inappropriate conduct.
Quadax Inc. is committed to treating all persons with respect, dignity, and fairness. We intend to display good judgment and high ethical standards in our business decision making and to conduct business with honesty, fairness, and integrity.