HIPAA Compliance is a Must for Medical Billers and CodersOctober 21st, 2022 - Find-A-Code
The medical coding and billing industry is regulated in terms of how it can collect and utilize information. Anyone involved in medical billing and coding, be it as a business owner or employee, must follow all the rules necessary to maintain HIPAA compliance. Needless to say, compliance is a must. Washington doesn't give the industry a choice.
HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act. The act is a 1996 law that has created regulatory standards for the collection, use, and disclosure of patient protected health information (PHI).
Congress enacted HIPAA partly in response to the healthcare system beginning its transition into the digital world. It was proactive legislation designed to protect digital information as securely as paper records were ostensibly being protected. Incidentally, authority to enforce HIPAA lies with the Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR).
Who Must Comply
The medical billing industry, and this includes both billers and coders, must comply with HIPAA at all times. So does nearly every other entity involved in healthcare. Specifically, the law describes two groups of organizations required to maintain HIPAA compliance:
1. Covered Entities
A covered entity is any business, nonprofit, healthcare facility, etc. that utilizes PHI electronically. This covers organizations that collect, create, store, transmit, or otherwise utilize protected patient information. Without question, this includes doctors’ offices and hospitals. It includes public health clinics too.
2. Business Associates
Also covered under HIPAA compliance rules are entities that do not directly collect, store, use, or transmit PHI for their own purposes, but do so on the behalf of covered entities. This is where medical coding and billing comes in.
A company that offers medical coding and billing services as a third-party contractor doesn't actually collect or store any PHI directly. It utilizes data supplied by healthcare facilities. They do transmit data, though they do so on behalf of their clients.
What Compliance Requires
The actual HIPAA legislation has changed quite a bit in the more than 25 years since it was first passed. There are numerous rules that must be followed including the 'big four':
- HIPAA Privacy Rule
- HIPAA Security Rule
- HIPAA Breach Notification Rule
- HIPAA Omnibus Rule
In addition to the rules, covered entities and their business associates are required to do certain things to make sure their organizations maintain compliance at all times. They must conduct regular self-audits, for example. The audit is designed to uncover any technical or administrative gaps in compliance policies.
Covered entities and their business Associates must also:
- create remediation plans for addressing compliance issues
- develop proper policies and procedures for compliance
- maintain an appropriate level of employee training
- document all steps taken to maintain compliance
- document all business associate management practices
- document all incident management events
An awful lot goes into HIPAA compliance. It is not as simple as handing patients their consent forms, gathering their signatures, and then filing the forms in a back-office filing cabinet. HHS and OCR are very serious about enforcing the HIPAA.
Know the Law
If you are involved in medical coding or billing, make sure you know the law as it applies to you. It is especially important to understand compliance if you own or operate a medical coding or billing service. As a business owner, compliance ultimately rests with you.
If you are just getting into medical coding or billing as an employee, you're going to get plenty of experience in HIPAA compliance throughout your career. Compliance is a must for coders and billers. It is a must for their employers.
If you have questions or comments about this article please contact us. Comments that provide additional related information may be added here by our Editors.
Latest articles: (any category)Artificial Intelligence in Healthcare - A Medical Coder's Perspective
December 26th, 2023 - Aimee Wilcox
December 22nd, 2023 - Find-A-Code
December 19th, 2023 - Aimee Wilcox
December 12th, 2023 - Aimee Wilcox
November 14th, 2023 - Aimee Wilcox
October 26th, 2023 - Wyn Staheli
October 11th, 2023 - Wyn Staheli