The 'Big 2' HIPAA Rules Medical Billing Companies Must Follow

July 20th, 2022 - Find-A-Code Staff
Categories:   HIPAA|PHI  

The 'Big 2' HIPAA rules that medical billing companies must adhere to revolve around privacy and security.

Medical billing does not seem that complicated on the surface. But if you have ever dealt with things like finding diagnosis codes and NPI lookup, you know that accurate billing is anything but easy. A billing specialist has to know an awful lot. So does their employer. There are rules to follow, too. Take HIPAA rules, for example.

HIPAA covers nearly every aspect of how medical and personal information is collected, utilized, shared, and stored within the healthcare industry. Title II of the rules is applied directly to medical billing companies and independent coders. The 'Big 2' rules that medical billing companies must adhere to revolve around privacy and security.

The Privacy Rule

Patients are required to give different types of information to their healthcare providers. Some of that information falls under the protected health information (PHI) category. HIPAA's privacy rule directs how medical billing companies go about disclosing PHI to partner entities. They must protect the data so that it is not shared with entities that do not have a legitimate reason to collect it.

Protected information includes, but is not limited to:

●    past and current treatment information
●    fees paid by either patients or their insurance companies
●    names and locations of a patient's treatment providers.

Ensuring privacy accomplishes two things. First, it prevents unnecessary sharing of PHI. Second, it can help reduce the likelihood of medical billing fraud.  

The Security Rule

Of the two rules, the security rule gets greater attention (even though both should be equally important). Medical billing companies are required by HIPAA regulations to safeguard the integrity and confidentiality of all PHI in their possession. Furthermore, they are required to implement:

●    Physical Security – Medical billing companies are required to physically secure any and all premises on which protected data is housed. This includes implementing solutions like security alarms, surveillance cameras, etc.

●    Technical Security – Medical billing companies must implement technology safeguards to maintain data security. Such safeguards run the gamut from software solutions to physical pieces of hardware, like firewalls.

●    Administrative Security – Medical billing companies must implement administrative policies and procedures that guarantee employees are properly trained in data security best practices. In addition, the policies and procedures must be put in writing and routinely updated to accommodate changes.

Where the privacy rule is intended to prevent sharing data with entities that do not need it, the security rule is designed to prevent illegal access to protected data by bad actors. There is obviously some overlap here.

Applying the Rules to Contract Workers

Medical billing companies must abide by the rules whether their coders are salaried employees or independent contractors. The good news for contractors is that they are only responsible for the data they work with. Most of the responsibility falls on the shoulders of the medical billing company.

In a practical sense, this sort of arrangement usually results in a medical billing company requiring independent contractors to use a specific software platform. Coders might also be issued company laptops. Regardless of the amount of responsibility put on each contract worker, the law sees the medical billing company as ultimately responsible.

Medical billing involves access to a ton of information protected by law. Companies involved in this business are compelled to follow the privacy and security rules found in Title II of the HIPAA regulations. Rest assured that the Office of the Inspector General does not look kindly on rule breakers. The agency is more than willing to prosecute medical billing companies that do not play by the rules.
