New 42-day free trial
Smarty

Compliance risks of inaccurate address data for health insurance providers

Wes Arnold
Wes Arnold
 | 
July 27, 2023
Tags
Compliance risks of inaccurate address data for health insurance providers

Handling address data is such a routine occurrence for health insurance providers that it’s not the first thing that would come to mind as being a liability. However, the reality is that discrepancies and inaccuracies in address data can have far-reaching consequences, posing serious privacy and compliance risks. Healthcare fraud, reputational damage, and financial penalties are just a few examples of the potential hazards.

In this blog, we’ll delve into three common types of privacy and compliance risks resulting from incorrect or incomplete address data. Here's what you can expect to read about below:

Furthermore, we’ll outline effective address management practices that health insurance providers can adopt to mitigate these risks and ensure compliance while safeguarding patient privacy.

You no doubt receive mail at your home address from time to time that’s addressed to someone else. If it looks important, you might write "Return to Sender" on the envelope and send it back, but if it seems like junk mail, you probably just toss it into the recycling bin — no big deal.

But imagine the piece of mail in question is from a health insurance plan notifying a patient of a change in coverage. The patient doesn’t receive the communication and proceeds with an expensive treatment that’s no longer covered. They get the bill and, upset, initiate a lengthy appeals process and accuse the plan of violating federal regulations requiring timely notice of changes in coverage — all because of an incorrect address.

Maybe the patient or an office worker mistyped their address, or perhaps they didn’t update their address when they moved. The address could have been missing a unit number or had a misspelled street name. Whatever the case, the address was inaccurate and the impact real. Address information is a critical part of health data in a world that runs on data, and today it’s expected that data will be consistent, standardized, and secure.

1. Unauthorized disclosures of personal health information

Under HIPAA (the 1996 Health Insurance Portability and Accountability Act), personal health information (PHI) includes any individually identifiable health information that is transmitted or maintained in any form or medium (electronic, oral, or paper) by a covered entity, such as a health insurance plan. Sharing PHI without the authorization of the patient is a violation punishable by a fine or even jail time.

Medical bills and explanations of benefits (EOBs) are considered PHI, and sending them to the wrong address is a direct violation of HIPAA. If misaddressed mail containing healthcare information is unintentionally disclosed, the responsibility lies with the sender — not the recipient.

When it comes to these sensitive communications, it’s vital that the right information goes to the right person — in fact, it can be better not to send it at all than to send it to the wrong address. When a violation happens, a health insurance provider is required to identify where in the process the mistake occurred, contact the patient to explain, and correct and resend the information — a task that involves multiple employees and takes considerable time.

Patients also have the right to report the violation, which can result in an investigation by the Department of Health and Human Services (HHS). Part of that investigation looks at what processes or safeguards are in place to prevent sending PHI to inaccurate addresses — and there will be penalties if you don’t have these in place.

Having address verification tools in place could prevent violations and protect health insurance providers from steep fines if, somehow, they do occur.

2. Compliance issues

It's no secret that every corner of healthcare is highly regulated. Beyond HIPAA violations for disclosing PHI, there are countless other regulations that affect health insurance plans, and inaccurate or incomplete address data can put a health insurance provider in conflict with many of them.

Some rules require health insurance providers to send required notices to members or providers within mandated timelines. For example, a Summary of Benefits and Coverage must be provided within a certain number of days to new applicants, enrollees, or COBRA beneficiaries.

Health insurance providers are also responsible for notifying policyholders of coverage changes, as described in the hypothetical situation above and giving proper notice before terminating coverage. Bad address data can cause cascading problems — if someone isn’t paying their premiums because they aren’t receiving the bill due to an inaccurate address, the health plan could cancel their policy but still run afoul of the requirement to inform them in a timely manner.

As with HIPAA violations, there are penalties for not complying with these regulations. If a health insurance provider doesn’t have a system in place for verifying and maintaining address data, it loses the ability to argue that it made a good-faith effort to comply with all relevant requirements.

In addition to legal consequences, failure to comply and communicate properly with patients has reputational implications. When incorrect or incomplete information causes patients to pay more financially, they also pay more emotionally — and their frustration affects their relationship with the health insurance provider.

3. Increased risk of fraud and partner violations

Health insurance providers share data with a variety of business partners, including providers, labs, and pharmacies. Incorrect or incomplete address data is like a virus that can spread from one entity to another, putting partners at risk for HIPAA violations or mistakes like shipping prescriptions to the wrong address and interrupting patient treatment.

From a patient's perspective, these mistakes reflect on the health insurance provider, no matter what other entity might be responsible. Partners need to work together to ensure the accuracy of health data, including address data, as it flows throughout the healthcare system.

Documents mailed to bad addresses can also increase the risk of healthcare fraud when the wrong people open letters and misuse the information they find. The financial impact of fraud often comes back on the insurer, so it’s in the interest of health insurance providers to correct addresses not only in their own systems but also those of partners like labs or providers.

Fraud costs the insurance industry billions of dollars each year, but insurers can fight back by keeping their records up to date — including address data.

Increase compliance and privacy with address verification tools

HIPAA standards cover more than wrongful disclosures of PHI. They also punish failures to perform organization-wide risk analyses and implement risk-management processes. Health insurance companies should conduct regular self-audits of how they protect PHI, and these audits should include the secure handling of address data.

Address verification tools like Smarty's can help health insurance providers automatically identify and correct incomplete or inaccurate address data and avoid unintentional privacy and compliance violations. It's also possible to dramatically reduce the number of bad addresses that enter the system in the first place by using autocomplete tools. With the right precautions in place, you can protect your health insurance company — and your policyholders — from a multitude of privacy, compliance, and fraud risks.

Read the other articles in this series, The Silent Risks of Inaccurate Address Data for Health Insurance Providers:

Subscribe to our blog!
Learn more about RSS feeds here.
rss feed icon
Subscribe Now
Read our recent posts
Improving user/customer experience in every industry with clean address data
Arrow Icon
You finally track down an essential addition to your collector’s set of [insert item of your choice], and you're hyped to buy it until the chaos begins. The cart is hidden in a fly-out on the side, cluttered with blocky, overwhelming text. You spend way too long just trying to find the "Proceed to Checkout" button. 👎 That’s bad UI (user interface): messy, confusing design that makes navigation a chore. You make it to the checkout and start entering your info, but the site keeps rejecting your address.
Dashboard essentials for Smarty users
Arrow Icon
The Smarty dashboard is your central hub for managing address verification, geocoding, and property data services. Whether you're just starting or looking to optimize your current setup, understanding the dashboard's full capabilities can significantly streamline your address data operations. We recently held a webinar in which we reviewed all of the Smarty dashboard's items and features. Missed it? That's OK; we've got all the information right here. You can expect to read about:Accessing your dashboardSetting up your account for successUnderstanding your active subscriptionsManaging API keys effectivelyStreamlining billing and financial managementStaying informed with smart notificationsTeam management and access controlsWeb toolsMaking the most of free trialsKey takeawaysLet’s get going!Accessing your dashboardGetting to your dashboard is straightforward.
Take charge of your API usage with Smarty’s key management features
Arrow Icon
Ever wondered, “Where did all my lookups go?!” Without proper API management, you may burn through your lookups quicker, experience runaway code, and encounter unexpected usage. That’s why Smarty created usage by key (included in all annual plans) and limit by key (included in some plans; you can add them by contacting sales) for its APIs. Why key management mattersCommon API usage challenges (problems to solve):Unexpected spikes in lookupsDifficulty tracking specific key usageWhich keys are calling which Smarty licenseNeed for better control over API consumptionDifficulty allocating Smarty lookups across an organizationWith Smarty's key management features, you gain more control by having better visibility of your usage, eliminating the element of surprise (you know, the bad kind, like when you’re suddenly out of lookups).

Ready to get started?