HIPAA Compliance is a Must for Medical Billers and Coders

October 21st, 2022 - Find-A-Code
Categories:   HIPAA|PHI   Compliance  

The medical coding and billing industry is regulated in terms of how it can collect and utilize information. Anyone involved in medical billing and coding, be it as a business owner or employee, must follow all the rules necessary to maintain HIPAA compliance. Needless to say, compliance is a must. Washington doesn't give the industry a choice.

HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act. The act is a 1996 law that has created regulatory standards for the collection, use, and disclosure of patient protected health information (PHI).

Congress enacted HIPAA partly in response to the healthcare system beginning its transition into the digital world. It was proactive legislation designed to protect digital information as securely as paper records were ostensibly being protected. Incidentally, authority to enforce HIPAA lies with the Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR).

Who Must Comply

The medical billing industry, and this includes both billers and coders, must comply with HIPAA at all times. So does nearly every other entity involved in healthcare. Specifically, the law describes two groups of organizations required to maintain HIPAA compliance:

1. Covered Entities

A covered entity is any business, nonprofit, healthcare facility, etc. that utilizes PHI electronically. This covers organizations that collect, create, store, transmit, or otherwise utilize protected patient information. Without question, this includes doctors’ offices and hospitals. It includes public health clinics too.

2. Business Associates

Also covered under HIPAA compliance rules are entities that do not directly collect, store, use, or transmit PHI for their own purposes, but do so on the behalf of covered entities. This is where medical coding and billing comes in.

A company that offers medical coding and billing services as a third-party contractor doesn't actually collect or store any PHI directly. It utilizes data supplied by healthcare facilities. They do transmit data, though they do so on behalf of their clients.

What Compliance Requires

The actual HIPAA legislation has changed quite a bit in the more than 25 years since it was first passed. There are numerous rules that must be followed including the 'big four':

  • HIPAA Privacy Rule
  • HIPAA Security Rule
  • HIPAA Breach Notification Rule
  • HIPAA Omnibus Rule

In addition to the rules, covered entities and their business associates are required to do certain things to make sure their organizations maintain compliance at all times. They must conduct regular self-audits, for example. The audit is designed to uncover any technical or administrative gaps in compliance policies.

Covered entities and their business Associates must also:

  • create remediation plans for addressing compliance issues
  • develop proper policies and procedures for compliance
  • maintain an appropriate level of employee training
  • document all steps taken to maintain compliance
  • document all business associate management practices
  • document all incident management events

An awful lot goes into HIPAA compliance. It is not as simple as handing patients their consent forms, gathering their signatures, and then filing the forms in a back-office filing cabinet. HHS and OCR are very serious about enforcing the HIPAA.

Know the Law

If you are involved in medical coding or billing, make sure you know the law as it applies to you. It is especially important to understand compliance if you own or operate a medical coding or billing service. As a business owner, compliance ultimately rests with you.

If you are just getting into medical coding or billing as an employee, you're going to get plenty of experience in HIPAA compliance throughout your career. Compliance is a must for coders and billers. It is a must for their employers.


Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.

Latest articles:  (any category)

Artificial Intelligence in Healthcare - A Medical Coder's Perspective
December 26th, 2023 - Aimee Wilcox
We constantly hear how AI is creeping into every aspect of healthcare but what does that mean for medical coders and how can we better understand the language used in the codeset? Will AI take my place or will I learn with it and become an integral part of the process that uses AI to enhance my abilities? 
Specialization: Your Advantage as a Medical Coding Contractor
December 22nd, 2023 - Find-A-Code
Medical coding contractors offer a valuable service to healthcare providers who would rather outsource coding and billing rather than handling things in-house. Some contractors are better than others, but there is one thing they all have in common: the need to present some sort of value proposition in order to land new clients. As a contractor, your value proposition is the advantage you offer. And that advantage is specialization.
ICD-10-CM Coding of Chronic Obstructive Pulmonary Disease (COPD)
December 19th, 2023 - Aimee Wilcox
Chronic respiratory disease is on the top 10 chronic disease list published by the National Institutes of Health (NIH). Although it is a chronic condition, it may be stable for some time and then suddenly become exacerbated and even impacted by another acute respiratory illness, such as bronchitis, RSV, or COVID-19. Understanding the nuances associated with the condition and how to properly assign ICD-10-CM codes is beneficial.
Changes to COVID-19 Vaccines Strike Again
December 12th, 2023 - Aimee Wilcox
According to the FDA, CDC, and other alphabet soup entities, the old COVID-19 vaccines are no longer able to treat the variants experienced today so new vaccines have been given the emergency use authorization to take the place of the old vaccines. No sooner was the updated 2024 CPT codebook published when 50 of the codes in it were deleted, some of which were being newly added for 2024.
Updated ICD-10-CM Codes for Appendicitis
November 14th, 2023 - Aimee Wilcox
With approximately 250,000 cases of acute appendicitis diagnosed annually in the United States, coding updates were made to ensure high-specificity coding could be achieved when reporting these diagnoses. While appendicitis almost equally affects both men and women, the type of appendicitis varies, as dose the risk of infection, sepsis, and perforation.
COVID Vaccine Coding Changes as of November 1, 2023
October 26th, 2023 - Wyn Staheli
COVID vaccine changes due to the end of the PHE as of November 1, 2023 are addressed in this article.
Medicare Guidance Changes for E/M Services
October 11th, 2023 - Wyn Staheli
2023 brought quite a few changes to Evaluation and management (E/M) services. The significant revisions as noted in the CPT codebook were welcome changes to bring other E/M services more in line with the changes that took place with Office or Other Outpatient Services a few years ago. As part of CMS’ Medicare Learning Network, the “Evaluation and Management Services Guide” publication was finally updated as of August 2023 to include the changes that took place in 2023. If you take a look at the new publication (see references below),....

Home About Terms Privacy

innoviHealth® - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain)

Copyright © 2000-2024 innoviHealth Systems®, Inc. - CPT® copyright American Medical Association