Lessons Learned: Economics and Legalities of PDO Threads and HIPAA Challenges in an Aesthetic Practice

A review of two protection-related topics for healthcare providers

Over the past few weeks, MedResults has invited multiple guests to share their wisdom on several “Safety & Protection” topics, including the Business of PDO Threads, HIPAA Essentials for Healthcare Providers, Determining Compounding Quality, and more. To help our members and others in the aesthetic community understand these topics and the key concepts that will be most valuable to their businesses, we’ve put together what we’d call a “CliffsNotes” of our educational presentations.

In our first ‘abridged’ presentation summaries, our speakers addressed the risk to providers associated with the addition of PDO thread procedures as well as the potential misinterpretation (or misguidance) of HIPAA regulations. Both topics, if approached flippantly, could lead to some serious economic, insurance, and legal implications!

Read our high-level synopses below to ensure that you have the information you need to make the best choices for your business moving forward.


The Business of PDO Threads

For those of you who may not perform thread procedures, PDO threads are sutures that can absorb over many months and, essentially, lay down a layer of collagen along the path of the anatomy that is threaded. There are real differences among threads, starting with the fact that not all threads are FDA-cleared! Additionally, mono threads are typically used to build collagen, while barbed threads may be more commonly used for lifting (among many others!).

When partnering with a new threading manufacturer or distributor, you should always look for:

  • A wide selection of FDA-cleared threads: A wide selection provides options for multiple areas of the body and a greater variety of procedures (right thread for the right procedure)
  • Training courses that provide a low instructor-to-trainee ratio
  • Facial and body assessments
  • Instruction on choosing proper threads/combination treatments
  • Schematics for areas of treatment
  • Aftercare instructions
  • Hands-on training with models (A MUST)

Insurance Implications of PDO Threads:

Prior to adding thread procedures to your practice, always call your insurance agent to receive underwriter approval. It’s likely that you’ll need to provide them with your training certificates as well as consent forms (some even require an estimate of the number of threads you anticipate using in 12 months and/or anticipated revenue from threads). It’s important to note that some carriers may also require a mid-level provider or physician to perform PDO thread procedures. If your PDO thread provider does not meet their criteria, you may need to consider an entirely new provider or policy! Finally, our last bit of advice is to send your digital brochure to your insurance agent annually so they can review the procedures that you offer for appropriate coverage.

Legal Implications of PDO Threads:

From a legal standpoint, any physician or mid-level provider must be appropriately trained to do thread procedures; this includes hands-on training on a procedure prior to ever performing the procedure or delegating the performance of that procedure.

General Procedure Guidelines* state that prior to authorizing a procedure, a physician, or a mid-level practitioner acting under the delegation of a physician must:

  • Take a history of the patient
  • Perform an appropriate physical examination
  • Make an appropriate diagnosis
  • Recommend appropriate treatment
  • Develop a detailed and written treatment plan
  • Obtain a patient’s informed consent
  • Provide instructions for emergency and follow-up care
  • Prepare and maintain an appropriate medical record, including the proper listing/recording of the performance of the items above
  • Have signed and dated written protocols

Written Practice Protocols* should also include, but not be limited to:

  • The identity of the physician responsible for the delegation of the Procedure.
  • Selection criteria to screen patients by the physician or mid-level practitioner for appropriateness of treatment.
  • A description of appropriate care and follow-up for common complications, serious injuries, or emergencies.
  • A statement of activities, decision criteria, and plan the physician, or mid-level practitioner, shall follow when performing or delegating the performance of a Procedure, including the method for documenting decisions made and a plan for communication or feedback to the authorizing physician or mid-level practitioner concerning specific decisions made.
  • A description of what information must be documented by the person performing the procedure.

Despite being relatively non-invasive procedures, PDO Threads are no exception to these General Procedure Guidelines and Written Practice Protocols.

Ultimately, proper training, adequate insurance coverage, and documented procedure guidelines and protocols can ensure the quality of care for your patients and the long-term protection of your business.

*The above information is written in general terms and does not consider state-specific or additional/altered regulations or policies.


HIPAA Essentials for Healthcare Providers

HIPAA, commonly misunderstood and even more rarely followed, has three basic components that MUST be understood by medical providers. These include:

  • The Privacy Rule: This rule protects basic health information (spoken, electronic, or otherwise) and governs how one uses and disseminates information. The rule also includes information regarding your notice of privacy practices, training of employees, governing documentation, as well as patient rights.
  • The Security Rule: This rule was established as a national set of security standards for protecting health information that is held or transferred in electronic form. To ensure compliance with this Rule, it is recommended to have a security risk analysis and additional electronic protection.
  • The Breach Notification Rule: As a medical provider, you are required to have policies and processes in place to comply with this Rule. The Rule provides the guidelines for how to report an information breach (small or large). Hopefully, you’ll never be in a position to do this!
    • For small breaches (fewer than 500 people) a practice must report the breach to the OCR once per year.
    • Larger breaches require a report to the OCR within 30 days of the breach and you must publicly report the breach. In these instances, a practice or business entity must also send a notification to those who were potentially affected by the breach. Additionally, they’re required to create a plan to mitigate the breach and prevent future breaches from occurring.

The goal of HIPAA (The Health Insurance Portability and Accountability Act of 1996) is to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. Simply put, the government wants you to protect your information and the systems that connect your information to the internet. For those that are serious about HIPAA, you already understand that risk management (i.e., being compliant with HIPAA) leads to serious revenue protection! By focusing on risk management, you’ll avoid regulatory penalties and potential business missteps, prevent a toxic company culture, and improve patient safety and trust.

Today, patients have more rights than ever, including the right to report to the OCR (Office for Civil Rights). This means that patients can also request immediate electronic access to all notes, charts, and/or records. Furthermore, it is no longer merely permissible to disclose information between a patient’s providers…it’s REQUIRED. For most states, patient authorizations are a thing of the past and providers must facilitate access to patient information without delay. Access to healthcare information is a civil right and should be treated as such!

Looking to overcome compliance burdens in your practice? Look no further – Here are four steps to help you protect your practice for now and for years to come:

  • Take the time to understand compliance regulations: Consider attending educational events and connect with experts who can help you better understand regulations specific to you
  • Train your staff: Use out-of-the-box training to keep your staff engaged and to help them retain information. This could be role-based, gamified, or shared frequently through posters and reminders
  • Address your lack of security resources: Understand your own security status and/or challenges by conducting a routine risk analysis
  • Address your lack of compliance tools and budget: Prioritize compliance based on your risk analysis and always budget for improvements


If you’d prefer to watch the recorded educational webinar presentations, please click below:

The Business of PDO Threads: https://event.webinarjam.com/go/replay/28/mqq6rb70t4ra37ag

HIPAA Essentials for Healthcare Providers: https://event.webinarjam.com/go/replay/27/055kqf8wsy4f0vf2


Want more information on the following topics?

PDO Threads: Apollo Med Innovations  |  Dennis Stoutenburgh, President  |  dennis@apollomedinnovations.com  |  214.986.8400

HIPAA Compliance: Keane Technologies  |  Debbie Burnham, Director of Sales & Marketing  |  debbieb@keanetechnologies.com  |  314.822.6950

Legal Information: Paddy Deighan, MBA, JD, PhD  |  Healthcare Attorney  |  deigs1@msn.com  |  949.701.2192


Posted by Jamie Parrott Adkins, COO of MedResults Network @ jamie@medresultsnetwork.com

About MedResults

MedResults Network is the largest FREE aesthetic buying group in the USA. Members have access to deep discounts and rebates on thousands of products and services including injectables, skincare, and more!
