Can we offshore Medical Billing and staying HIPAA complaint?

Offshoring Medical Billing while staying HIPAA complaint.

Trust takes years to build, seconds to break, and forever to repair.

If you are a healthcare provider, you know that being called doctor is not just about a degree and medical board approval, it is the culmination of dedication and priorities. Over years you have dedicated countless hours to your education, and then countless hours creating your practice. Now you have a practice which bears your name and reputation, every bit of it earned by your blood, sweat, and tears. You offer patients security with your skill and smile; they trust that they are safe in your care. They trust that you will give them the best possible care, and that their personal details, be it medical or demographic, will be safe with your practice. You, being a reputable healthcare provider, do everything in your power to keep your computer system safe from ransomware and viruses. You have the most up to date software, supported by a top-tier Healthcare IT company, you have an equally qualified IT company managing your entire office and monitoring your system, ensuring that your practice and the data it contains is safe. Patients walk in knowing that they will have a visit with a well-trained physician, they know that your staff will be discreet with sensitive information, and that they will receive a statement from your off shore billing service for any balance they must pay. You have the trust of your patients and a practice you have worked your entire life to create, you have earned the name Doctor.

HIPAALet’s now imagine you had taken a different path. Instead of enrolling in med school, and dedicating your life to becoming a Healthcare Provider, you are smart, but you never developed that sense of hard work and dedication that is necessary for the medical field. Instead, you decide you could make easy money if you ransom medical data and sell it to thieves on the dark web. You look around at the practices and find a few that may be good targets. Practice One is a solo practitioner who does not keep up with support, still running a program that was sunset, on an operating system the has not been HIPAA compliant since 2014. Practice Two has four providers and a staff of ten, the program is a few years old but as up to date as it can be, and the doctors have new computers with up-to-date operating systems, while the staff has outdated computers that get occasionally updated. Lastly, practice Three is a huge group of physicians spread across multiple states. They have purchased the best computers and are using the most secure cloud system, and because they have managed services with their IT company, their network is top of the line; they even off shored their billing to let their staff focus on patient care. So which practice do you target?

HIPAA compliance

The pennywise, dollar foolish solo practitioner is an easy target, they are outdated and obviously not spending the time or money to secure their system, but my target of choice is practice three. I can already hear the protests, “No way, they are safe!” and you would be right until their data leaves the country. Sure, their off shore billing service said they are HIPAA compliant, but I can say I am 6 foot 4 inches with a full head of hair and a healthy BMI; that does not make it true. The truth is HIPAA means nothing if it cannot be enforced, and let’s face it, no one is going to be conducting onsite HIPAA audits of a billing service in India. Without accountability, you are trusting that all the sensitive information contained in your software is safe, not to mention the safety of your billing process. There is no legal recourse if your data is breached while outside of the US. So, what do you do?

The most effective way to safeguard yourself from this is to ensure that your billing never leaves the US. Yes, we all know that off shore billing services are cheaper upfront, but your savings will be nothing compared to the cost of a new practice software, the loss of business and trust, the ongoing chaos that comes with having your identity stolen, and not to mention the legal troubles. If you are now asking yourself how can we change this, how can we protect everything we have worked our whole lives to create? The answer is simple, legislation has changed healthcare before, and it can do it again.  Below, you will find a letter asking your Congressman to act on behalf of you and your patients.

Find my Congressional Representative

Find my Senator


Copy and paste this letter and send it to Washington!




Dear (Congressman)

Despite stringent HIPAA laws in the US, the personal information of every person who visits a physician, medical center, hospital or any Healthcare facility is at risk! HIPAA can only be enforced within the borders of our nation, and while we have laws in place to protect us here, allowing medical billing to be done outside the United States puts us all at risk- risk of identity theft and fraud, all without any means of legal protection. Medical information, including diagnoses and pictures in many cases, are sent to services that are not held to HIPAA standards even if they claim to be HIPAA compliant. Without enforceable HIPAA laws, off shore billers are free to handle sensitive information however they see fit.

We are asking you to act on our behalf, and on behalf of the future patients of America. Strengthen the HIPAA laws by making off shoring illegal. A foreign work force is not accountable to the HIPAA laws, and since the HIPAA laws cannot be enforced overseas, we ask that you protect us by keeping the medical billing within the United States. In addition to the security that comes with a US based labor force being held accountable to HIPAA law, this move would also keep jobs in the medical billing field in the US.

We need your presence in Washington to create and pass legislation, safeguarding our sensitive data and preserving the medical industry. Do not work so hard to create safeguards within HIPAA to only see them undermined by off shoring.


Looking forward to your initiative on our behalf,

(Your name)

By: Benjamin Dunlap