HIPAA|PHI - Articles
HIPAA Compliance is a Must for Medical Billers and CodersOctober 21st, 2022 - Find-A-Code
The medical coding and billing industry is regulated in terms of how it can collect and utilize information. Anyone involved in medical billing and coding, be it as a business owner or employee, must follow all the rules necessary to maintain HIPAA compliance. Needless to say, compliance is a must. Washington doesn't give the industry a choice.
Washington Continuing To Flex Muscles Via Right Of AccessSeptember 7th, 2022 - Find-A-Code
Though medical billing codes are the main focus here, all of us in the medical billing industry need to be cognizant of HIPAA compliance. In light of that, it is important that medical billers, coding specialists, and the clinicians they work for pay attention to the Right of Access Initiative (RAI). Washington continues to flex its muscles in its enforcement of the initiative.
The 'Big 2' HIPAA Rules Medical Billing Companies Must FollowJuly 20th, 2022 - Find-A-Code Staff
HIPAA covers nearly every aspect of how medical and personal information is collected, utilized, shared, and stored within the healthcare industry. Title II of the rules is applied directly to medical billing companies and independent coders. The 'Big 2' rules that medical billing companies must adhere to revolve around privacy and security.
Prior years: (click bar to view articles)
2021
HIPAA Penalty Changes
January 11th, 2021 - Wyn Staheli, Director of Research
January 11th, 2021 - Wyn Staheli, Director of Research
On January 5, 2021, H.R. 7898 was signed into law by President Trump. This new law modifies the HITECH Act such that when an organization experiences a breach, fines and/or penalties may be reduced if (for at least a year) they have instituted “recognized security practices” as defined within the law.
2019
HIPAA Final Rule Eliminates HPID and OEID
November 12th, 2019 - Wyn Staheli, Director of Research
October 11th, 2019 - Namas
August 16th, 2019 - Namas
June 21st, 2019 - Namas
May 6th, 2019 - Wyn Staheli, Director of Research
April 15th, 2019 - Wyn Staheli, Director of Research
January 22nd, 2019 - Chris Woolstenhulme, QCC, CMCS, CPC, CMRS
November 12th, 2019 - Wyn Staheli, Director of Research
Final rule eliminates the requirement for health plans to obtain a unique health plan identifier (HPID) and also eliminates the voluntary use of the other entity identifier (OEID). This change becomes effective December 27, 2019.
Why is HIPAA So Important?October 11th, 2019 - Namas
Why is HIPAA So Important?
Some may think that what they do to protect patient information may be a bit extreme. Others in specialty medical fields and research understand its importance a little more. Most of that importance lies in the information being protected. Every patient has a unique set of ...
Medical ID TheftAugust 16th, 2019 - Namas
Medical ID Theft
"So, do you guys think you can do something with that?" John asked angrily at our first meeting with him in August 2017 as he slammed a stack of medical bills, EOBs and collection letters - three inches high - down in front of my partner and I. ...
Small Breaches Can Be Subject to Large PenaltiesJune 21st, 2019 - Namas
Small Breaches Can Be Subject to Large Penalties
We may have heard about the large fines issued by the Office for Civil Rights (OCR) against big organizations like Anthem or the University of Texas MD Anderson Cancer Center. These organizations have been in the news due to privacy breaches that constituted violations ...
HIPAA Violation Penalties RevisedMay 6th, 2019 - Wyn Staheli, Director of Research
On April 30, 2019 The Department of Health and Human Services (HHS) announced that “HHS will apply a different cumulative annual CMP limit for each of the four penalties tiers in the HITECH Act.” Unlike other notices which require a proposed rule with a comment period, this notice will take ...
Watch out for People-Related ‘Gotchas’April 15th, 2019 - Wyn Staheli, Director of Research
In Chapter 3 — Compliance of the ChiroCode DeskBook, we warn about the dangers of disgruntled people (pages 172-173). Even if we think that we are a wonderful healthcare provider and office, there are those individuals who can and will create problems. As frustrating as it may be, there are ...
Truncated ICD-10-CM Official Guidelines for Coding and ReportingJanuary 22nd, 2019 - Chris Woolstenhulme, QCC, CMCS, CPC, CMRS
Adherence to ICD-10-CM official guideline's are required under HIPAA and adopted for all healthcare settings. We have made it easy to access guidelines and made them available on the code information page, either on the page you are viewing or view more information by selecting the ICD-10-CM Chapter Section/Guidelines and ...
2018
Are HIPAA Changes Coming?
December 18th, 2018 - Wyn Staheli, Director of Research
September 26th, 2018 - BC Advantage
September 24th, 2018 - Wyn Staheli, Director of Research
August 31st, 2018 - Wyn Staheli, Director of Research
August 3rd, 2018 - Wyn Staheli, Director of Research
June 18th, 2018 - Wyn Staheli, Director of Research
May 7th, 2018 - Wyn Staheli, Director of Research
April 23rd, 2018 - Wyn Staheli, Director of Research
February 5th, 2018 - Wyn Staheli, Director of Research
February 1st, 2018 - Wyn Staheli, Director of Research
January 31st, 2018 - Dugan Maddux, MD, FACP
January 24th, 2018 - Wyn Staheli, Director of Research
December 18th, 2018 - Wyn Staheli, Director of Research
On December 14, 2018, the Office for Civil Rights (OCR) issued a Request for Information (RFI). They are considering making changes to some of the HIPAA regulations. Earlier this year at the HIMSS (Healthcare Information and Management Systems Society) meeting, Roger Severino, the head of the Office for Civil Rights ...
HIPAA Handling Patient Requests for Medical Record RestrictionSeptember 26th, 2018 - BC Advantage
Healthcare compliance professionals frequently face confusing situations about sharing of protected health information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) supports the protection of privacy of medical records. However, even when a patient does not authorize sharing of his record, there are permitted uses and disclosures, such as...
Q/A: Do I Have to Accept Any New Patient?September 24th, 2018 - Wyn Staheli, Director of Research
Question: Is it legal for us to not allow a patient to be seen in our office if their parents have bad debt with us?
Finalized Confidentiality of Alcohol and Drug Abuse Patient Records RegulationsAugust 31st, 2018 - Wyn Staheli, Director of Research
In January, the U.S. Department of Health and Human Services (HHS) issued updates to the privacy regulations regarding the confidentiality of patient information of substance use disorder patients (42 CFR Part 2). This notice included references to better alignment with HIPAA regulations, but did state that Part 2 is more protective ...
Q/A: Is it Legal to Shred Archived Patient Records After a Certain Amount of Time?August 3rd, 2018 - Wyn Staheli, Director of Research
Shredding patient records. When is it appropriate? Read more to find out.
Medicare Claim Submission ExceptionsJune 18th, 2018 - Wyn Staheli, Director of Research
There are several exceptions to the Medicare "Mandatory Claim Submission Rule." What are they?
Q/A: How Do I Respond to a Patient's Request to Not Submit the Claim to Their Insurance?May 7th, 2018 - Wyn Staheli, Director of Research
A number of patients now have high deductible plans. Sometimes, deductibles can be $5000 or $10,000. My payer contract states that I must submit all claims to insurance for covered services. However, sometimes patients with these high deductibles come to my office and state that they would prefer to receive a modest discount for paying cash and in turn, not have their services submitted to insurance. As a doctor, this places me in a tough situation. Do I follow the patient's wishes or the payer contract?
Q/A: Someone Broke into My Office. What do I do Now?April 23rd, 2018 - Wyn Staheli, Director of Research
My office was broken into last night. I use electronic health records, but we do store some protected health information for my patients in paper files. These files are not secured, so the burglars did have access to them. It did not appear that the files were touched as the burglars were looking for cash. What responsibilities to I have to my patients in a situation like this? Do I need to contact them and advise them that their PHI could have been compromised?
HIPAA Breach Settlements and Ransomware Attacks - Is Your Practice Secure?February 5th, 2018 - Wyn Staheli, Director of Research
Two recent reports should make providers stop, take notice and make sure their practice's policies and procedures are up-to-date.
The first one involves a HIPAA Breach settlement of a company with facilities in several states. The OCR memo stated "In addition to a $3.5 million monetary settlement, a corrective action plan ...
Are Your Computers Vulnerable to Cyber Attacks?February 1st, 2018 - Wyn Staheli, Director of Research
Healthcare providers must be vigilant in ensuring that software upgrades, also known as patches, are kept current. Failure to do so can lead to a HIPAA Security Breach with all its associated penalties. For example Windows XP no longer has security updates and should not be used in healthcare settings.
On ...
Mobile Health: Growing Engagement and New ResponsibilitiesJanuary 31st, 2018 - Dugan Maddux, MD, FACP
This week I'm blogging about an M-word. Not MACRA or MIPS, but Mobile Health or mHealth....
HIPAA and the Opioid CrisisJanuary 24th, 2018 - Wyn Staheli, Director of Research
HIPAA and the Opioid Crisis guidance released by HHS.
2017
HIPAA Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification
October 6th, 2017 - Wyn Staheli
August 17th, 2017 - ChiroCode
August 11th, 2017 - Michelle West, CPC, CEMC, CPMA, CRC
August 4th, 2017 - Wyn Staheli
August 4th, 2017 - NAMAS
August 1st, 2017 - Wyn Staheli
June 29th, 2017 - Sean Weiss
April 10th, 2017 - Wyn Staheli
February 27th, 2017 - InstaCode Institute
February 22nd, 2017 - Wyn Staheli
February 2nd, 2017 - Wyn Staheli
January 23rd, 2017 - Wyn Staheli
October 6th, 2017 - Wyn Staheli
In light of recent tragic events, the OIG has released a reminder that HIPAA allows for certain disclosures in these types of situations. The reminder dated October 3, 2017 states the following:
Following the recent mass shooting in Las Vegas, the HHS Office for Civil Rights (OCR) is taking this opportunity ...
Medicare Announces New Cards to Be IssuedAugust 17th, 2017 - ChiroCode
Identity theft has become a major problem in the United States. As a prevention measure, the Centers for Medicare& Medicaid Services (CMS) is readying a fraud prevention initiative that removes Social Security numbers from Medicare cards to help combat identity theft, and safeguard taxpayer dollars.
Personal identity theft affects a large ...
Chart Auditing For BeginnersAugust 11th, 2017 - Michelle West, CPC, CEMC, CPMA, CRC
In the new year, have you found yourself in the new role of performing internal chart audits for your organization? Are you often finding yourself saying "Now What?!" First, take a deep breath and start with the basics. In this week's tip, I will review the very basic tips and ...
Cybersecurity - Are you sure you are secure?August 4th, 2017 - Wyn Staheli
An article by Medical Economics highlights the June report of the Health Care Industry Cybersecurity Task Force. Their report confirmed once again that healthcare providers are not adequately addressing cybersecurity as part of the compliance programs. The threat of hackers is very real and providers need to ensure that they have taken ...
Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues ExistAugust 4th, 2017 - NAMAS
Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act)[2] and the more robust chain of liability (e.g. covered entities, business associates and ...
HIPAA Training RequirementsAugust 1st, 2017 - Wyn Staheli
HIPAA Training must be an ongoing effort in every healthcare organization.
To Disclose or Not to Disclose… That is the QuestionJune 29th, 2017 - Sean Weiss
The biggest questions I receive these days are in regard to handling potential overpayments regarding internal or external audits is whether or not the errors constitute a self-disclosure protocol. The short answer is, avoid this process unless you have verifiable fraudulent activity to report. Section 1128J(d) of the Act created ...
False Claim Penalties Increase AgainApril 10th, 2017 - Wyn Staheli
On February 3, 2017, the Department of Justice (DOJ) issued a Final Rule to increase the civil monetary penalties assessed under the False Claims Act (FCA), due to inflation for the year 2017, to an all-time high of $10,957 (minimum) to $21,916 (maximum). Thirty years ago, in 1986, Congress amended the False ...
How to Properly Dispose Protected Health Information (PHI)February 27th, 2017 - InstaCode Institute
HIPAA requires covered entities to properly dispose of Protected Health Information (PHI) in the following manner:
Paper, film, or other hard copy media has been shredded or destroyed such that the PHI cannot be read or otherwise cannot be reconstructed.
Electronic media has been cleared, purged, or destroyed consistent with NIST Special Publication 800-88, Guidelines for Media ...
Mobile Devices are HIPAA Security ConcernFebruary 22nd, 2017 - Wyn Staheli
Mobile devices are one of the most problematic areas for HIPAA security. Their ease of portability also makes it easy for them to be stolen or hacked. Because so many of the HIPAA breaches reported involved mobile devices, additional guidance has been issued by HealthIT.gov. Their informative web page offers additional ...
Psychotherapy Notes Provision of HIPAAFebruary 2nd, 2017 - Wyn Staheli
Of special interest to all behavioral health practitioners (both Covered Entities and NON-covered entities) is HIPAA's provision for psychotherapy notes. The privacy rule recognizes that psychotherapy notes need more protection than other types of PHI. Even if you are not a covered entity, we recommend understanding and implementing office procedures ...
HIPAA Exempt Offices (Paper)January 23rd, 2017 - Wyn Staheli
It is a common misconception that every doctor’s office is (or must become) a HIPAA covered entity; however, the list of those who still qualify for exemption from HIPAA is rapidly shrinking. There are exceptions to the HIPAA requirements; if a practice sends or receives no transactions electronically, it is ...
2016
Medical Billing and Coders Professional Liability
November 29th, 2016 - Find-A-Code
August 4th, 2016 - Chris Woolstenhulme, CPC, CMRS
November 29th, 2016 - Find-A-Code
Companies who regularly handle such sensitive information as patient medical records have a particular responsibility to maintain the confidentiality of the data. Failure to exercise the appropriate degree of care – whether intentional or not – can have a significant adverse financial impact on your firm.
The Federal Health Insurance Portability ...
Security Risk Assessment Wizard - are you at risk?August 4th, 2016 - Chris Woolstenhulme, CPC, CMRS
Attention: Any Any healthcare organization that stores, transmits or maintains PHI (Protected Health Information) in electronic formats is required to adhere to the HIPAA Security Rule... see if your organization is at risk with security compliance.
Visit SRAWizard.com for a Security Risk Assessment (SRA) Tool complete with training and other guidance to ...
2013
HIPAA: Breaches much more likely to require disclosure under Mega Rule
December 4th, 2013 - Scott Kraft
November 18th, 2013 - Scott Kraft
March 22nd, 2013 - Allison Singer, CPC
December 4th, 2013 - Scott Kraft
One of the biggest changes under the HIPAA Omnibus Final Rule – known as the HIPAA Mega Rule – that was finalized earlier this year and took effect last month is a significant change to how you are required to handle breaches of patient protected health information (PHI). The change...
New HIPAA rule gives patient the right to “refuse” to use insurance, receive PHI electronicallyNovember 18th, 2013 - Scott Kraft
The HIPAA Omnibus Final Rule, known in the industry as the HIPAA mega rule, affords patients two key rights that your practice needs to be prepared to implement. Patients now have the right to request and receive their own protected health information (PHI) from your practice electronically and they...
ICD-10: The Wave (or Tsunami) of the FutureMarch 22nd, 2013 - Allison Singer, CPC
ICD-10: The Wave (or Tsunami) of the Future
For many people, simply hearing the words “ICD-10” is enough to cause headaches, indigestion and a sudden compulsion to find a new career. It is the looming healthcare change that many professionals hope will go away completely or be delayed...
Article categories
Accounts Receivable|Payments (19)
Acupuncture|Alternative (10)
Allergy|Immunology (10)
Anesthesia|Pain Management (26)
Audits/Auditing (126)
Behavioral Health|Psychiatry|Psychology (27)
Benchmarks (11)
Billing (221)
Bundling (6)
Cardiology|Vascular (27)
Chiropractic (93)
Claims (72)
Coding (274)
Collections (38)
Colonoscopy (3)
Compliance (128)
Covid-19 (30)
CPT® Coding (279)
Denials & Denial Management (48)
Dental (58)
Dermatology|Plastic Surgery (9)
Diagnosis Coding (147)
Diagnostic Testing (12)
DME|Supplies|Equipment (23)
Documentation Guidelines (120)
Drugs|Pharmaceuticals|FDA (23)
E-prescribing (4)
Acupuncture|Alternative (10)
Allergy|Immunology (10)
Anesthesia|Pain Management (26)
Audits/Auditing (126)
Behavioral Health|Psychiatry|Psychology (27)
Benchmarks (11)
Billing (221)
Bundling (6)
Cardiology|Vascular (27)
Chiropractic (93)
Claims (72)
Coding (274)
Collections (38)
Colonoscopy (3)
Compliance (128)
Covid-19 (30)
CPT® Coding (279)
Denials & Denial Management (48)
Dental (58)
Dermatology|Plastic Surgery (9)
Diagnosis Coding (147)
Diagnostic Testing (12)
DME|Supplies|Equipment (23)
Documentation Guidelines (120)
Drugs|Pharmaceuticals|FDA (23)
E-prescribing (4)
Electronic Medical Records (EMR/EHR) (22)
Emergency Medicine (17)
Endocrinology (11)
Enrollment (5)
ENT|Otolaryngology (10)
Evaluation & Management (E/M) (149)
Gastroenterology (13)
HCPCS Coding (111)
HIPAA|PHI (40)
Home Health|Hospice (28)
Hospital (4)
ICD-10-PCS (1)
Insurance (34)
Internal Medicine (10)
Interventional Radiology (7)
Laboratory|Pathology (19)
Medicaid (14)
Medical Records (10)
Medicare (226)
Medicare Advantage (16)
Medicare Claims Processing Manual (5)
Medicare Physician Fee Schedule (MPFSDB) (22)
MIPS|PQRS|PQRI (32)
Modifiers (135)
National Coverage Determinations (NCD) (8)
Neurology|Neurosurgery (22)
Obstetrics|Gynecology (19)
Emergency Medicine (17)
Endocrinology (11)
Enrollment (5)
ENT|Otolaryngology (10)
Evaluation & Management (E/M) (149)
Gastroenterology (13)
HCPCS Coding (111)
HIPAA|PHI (40)
Home Health|Hospice (28)
Hospital (4)
ICD-10-PCS (1)
Insurance (34)
Internal Medicine (10)
Interventional Radiology (7)
Laboratory|Pathology (19)
Medicaid (14)
Medical Records (10)
Medicare (226)
Medicare Advantage (16)
Medicare Claims Processing Manual (5)
Medicare Physician Fee Schedule (MPFSDB) (22)
MIPS|PQRS|PQRI (32)
Modifiers (135)
National Coverage Determinations (NCD) (8)
Neurology|Neurosurgery (22)
Obstetrics|Gynecology (19)
Office of Inspector General (OIG) (24)
Oncology|Hematology (14)
Ophthalmology (12)
Optometry (12)
Oral and Maxillofacial Surgery (30)
Orthopedics (12)
Pediatrics (13)
Physical Medicine|Physical Therapy (58)
Physicians (13)
Podiatry (17)
Practice Management (117)
Preventive Medicine Service (64)
Primary Care|Family Care (60)
Pulmonology (12)
Radiology (11)
Reimbursement (56)
Relative Value Units (RVUs/RBRVS) (9)
Rheumatology (7)
Risk Adjustment (9)
Screening (5)
Skilled Nursing (20)
Specialty Coding (30)
Surgical Billing & Coding (49)
Teaching Physician Rules (4)
Transitional Care Management (TCM) (2)
Urology|Nephrology (9)
Wound Care (1)
Oncology|Hematology (14)
Ophthalmology (12)
Optometry (12)
Oral and Maxillofacial Surgery (30)
Orthopedics (12)
Pediatrics (13)
Physical Medicine|Physical Therapy (58)
Physicians (13)
Podiatry (17)
Practice Management (117)
Preventive Medicine Service (64)
Primary Care|Family Care (60)
Pulmonology (12)
Radiology (11)
Reimbursement (56)
Relative Value Units (RVUs/RBRVS) (9)
Rheumatology (7)
Risk Adjustment (9)
Screening (5)
Skilled Nursing (20)
Specialty Coding (30)
Surgical Billing & Coding (49)
Teaching Physician Rules (4)
Transitional Care Management (TCM) (2)
Urology|Nephrology (9)
Wound Care (1)