HIPAA|PHI - Articles

HIPAA Compliance is a Must for Medical Billers and Coders
October 21st, 2022 - Find-A-Code
The medical coding and billing industry is regulated in terms of how it can collect and utilize information. Anyone involved in medical billing and coding, be it as a business owner or employee, must follow all the rules necessary to maintain HIPAA compliance. Needless to say, compliance is a must. Washington doesn't give the industry a choice.
Washington Continuing To Flex Muscles Via Right Of Access
September 7th, 2022 - Find-A-Code
Though medical billing codes are the main focus here, all of us in the medical billing industry need to be cognizant of HIPAA compliance. In light of that, it is important that medical billers, coding specialists, and the clinicians they work for pay attention to the Right of Access Initiative (RAI). Washington continues to flex its muscles in its enforcement of the initiative.
The 'Big 2' HIPAA Rules Medical Billing Companies Must Follow
July 20th, 2022 - Find-A-Code Staff
HIPAA covers nearly every aspect of how medical and personal information is collected, utilized, shared, and stored within the healthcare industry. Title II of the rules is applied directly to medical billing companies and independent coders. The 'Big 2' rules that medical billing companies must adhere to revolve around privacy and security.

Prior years:  (click bar to view articles)

HIPAA Penalty Changes
January 11th, 2021 - Wyn Staheli, Director of Research
On January 5, 2021, H.R. 7898 was signed into law by President Trump. This new law modifies the HITECH Act such that when an organization experiences a breach, fines and/or penalties may be reduced if (for at least a year) they have instituted “recognized security practices” as defined within the law.
HIPAA Final Rule Eliminates HPID and OEID
November 12th, 2019 - Wyn Staheli, Director of Research
Final rule eliminates the requirement for health plans to obtain a unique health plan identifier (HPID) and also eliminates the voluntary use of the other entity identifier (OEID). This change becomes effective December 27, 2019.
Why is HIPAA So Important?
October 11th, 2019 - Namas
Why is HIPAA So Important? Some may think that what they do to protect patient information may be a bit extreme. Others in specialty medical fields and research understand its importance a little more. Most of that importance lies in the information being protected. Every patient has a unique set of ...
Medical ID Theft
August 16th, 2019 - Namas
Medical ID Theft "So, do you guys think you can do something with that?" John asked angrily at our first meeting with him in August 2017 as he slammed a stack of medical bills, EOBs and collection letters - three inches high - down in front of my partner and I. ...
Small Breaches Can Be Subject to Large Penalties
June 21st, 2019 - Namas
Small Breaches Can Be Subject to Large Penalties We may have heard about the large fines issued by the Office for Civil Rights (OCR) against big organizations like Anthem or the University of Texas MD Anderson Cancer Center. These organizations have been in the news due to privacy breaches that constituted violations ...
HIPAA Violation Penalties Revised
May 6th, 2019 - Wyn Staheli, Director of Research
On April 30, 2019 The Department of Health and Human Services (HHS) announced that “HHS will apply a different cumulative annual CMP limit for each of the four penalties tiers in the HITECH Act.” Unlike other notices which require a proposed rule with a comment period, this notice will take ...
Watch out for People-Related ‘Gotchas’
April 15th, 2019 - Wyn Staheli, Director of Research
In Chapter 3 — Compliance of the ChiroCode DeskBook, we warn about the dangers of disgruntled people (pages 172-173). Even if we think that we are a wonderful healthcare provider and office, there are those individuals who can and will create problems. As frustrating as it may be, there are ...
Truncated ICD-10-CM Official Guidelines for Coding and Reporting
January 22nd, 2019 - Chris Woolstenhulme, QCC, CMCS, CPC, CMRS
Adherence to ICD-10-CM official guideline's are required under HIPAA and adopted for all healthcare settings. We have made it easy to access guidelines and made them available on the code information page, either on the page you are viewing or view more information by selecting the ICD-10-CM Chapter Section/Guidelines and ...
Are HIPAA Changes Coming?
December 18th, 2018 - Wyn Staheli, Director of Research
On December 14, 2018, the Office for Civil Rights (OCR) issued a Request for Information (RFI). They are considering making changes to some of the HIPAA regulations. Earlier this year at the HIMSS (Healthcare Information and Management Systems Society) meeting, Roger Severino, the head of the Office for Civil Rights ...
HIPAA Handling Patient Requests for Medical Record Restriction
September 26th, 2018 - BC Advantage
Healthcare compliance professionals frequently face confusing situations about sharing of protected health information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) supports the protection of privacy of medical records. However, even when a patient does not authorize sharing of his record, there are permitted uses and disclosures, such as...
Q/A: Do I Have to Accept Any New Patient?
September 24th, 2018 - Wyn Staheli, Director of Research
Question: Is it legal for us to not allow a patient to be seen in our office if their parents have bad debt with us?
Finalized Confidentiality of Alcohol and Drug Abuse Patient Records Regulations
August 31st, 2018 - Wyn Staheli, Director of Research
In January, the U.S. Department of Health and Human Services (HHS) issued updates to the privacy regulations regarding the confidentiality of patient information of substance use disorder patients (42 CFR Part 2).  This notice included references to better alignment with HIPAA regulations, but did state that Part 2 is more protective ...
Q/A: Is it Legal to Shred Archived Patient Records After a Certain Amount of Time?
August 3rd, 2018 - Wyn Staheli, Director of Research
Shredding patient records. When is it appropriate? Read more to find out.
Medicare Claim Submission Exceptions
June 18th, 2018 - Wyn Staheli, Director of Research
There are several exceptions to the Medicare "Mandatory Claim Submission Rule." What are they?
Q/A: How Do I Respond to a Patient's Request to Not Submit the Claim to Their Insurance?
May 7th, 2018 - Wyn Staheli, Director of Research
A number of patients now have high deductible plans. Sometimes, deductibles can be $5000 or $10,000. My payer contract states that I must submit all claims to insurance for covered services. However, sometimes patients with these high deductibles come to my office and state that they would prefer to receive a modest discount for paying cash and in turn, not have their services submitted to insurance. As a doctor, this places me in a tough situation. Do I follow the patient's wishes or the payer contract?
Q/A: Someone Broke into My Office. What do I do Now?
April 23rd, 2018 - Wyn Staheli, Director of Research
My office was broken into last night. I use electronic health records, but we do store some protected health information for my patients in paper files. These files are not secured, so the burglars did have access to them. It did not appear that the files were touched as the burglars were looking for cash. What responsibilities to I have to my patients in a situation like this? Do I need to contact them and advise them that their PHI could have been compromised?
HIPAA Breach Settlements and Ransomware Attacks - Is Your Practice Secure?
February 5th, 2018 - Wyn Staheli, Director of Research
Two recent reports should make providers stop, take notice and make sure their practice's policies and procedures are up-to-date. The first one involves a HIPAA Breach settlement of a company with facilities in several states. The OCR memo stated "In addition to a $3.5 million monetary settlement, a corrective action plan ...
Are Your Computers Vulnerable to Cyber Attacks?
February 1st, 2018 - Wyn Staheli, Director of Research
Healthcare providers must be vigilant in ensuring that software upgrades, also known as patches, are kept current. Failure to do so can lead to a HIPAA Security Breach with all its associated penalties. For example Windows XP no longer has security updates and should not be used in healthcare settings. On ...
Mobile Health: Growing Engagement and New Responsibilities
January 31st, 2018 - Dugan Maddux, MD, FACP
This week I'm blogging about an M-word. Not MACRA or MIPS, but Mobile Health or mHealth....
HIPAA and the Opioid Crisis
January 24th, 2018 - Wyn Staheli, Director of Research
HIPAA and the Opioid Crisis guidance released by HHS.
HIPAA Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification
October 6th, 2017 - Wyn Staheli
In light of recent tragic events, the OIG has released a reminder that HIPAA allows for certain disclosures in these types of situations. The reminder dated October 3, 2017 states the following: Following the recent mass shooting in Las Vegas, the HHS Office for Civil Rights (OCR) is taking this opportunity ...
Medicare Announces New Cards to Be Issued
August 17th, 2017 - ChiroCode
Identity theft has become a major problem in the United States. As a prevention measure, the Centers for Medicare& Medicaid Services (CMS) is readying a fraud prevention initiative that removes Social Security numbers from Medicare cards to help combat identity theft, and safeguard taxpayer dollars. Personal identity theft affects a large ...
Chart Auditing For Beginners
August 11th, 2017 - Michelle West, CPC, CEMC, CPMA, CRC
In the new year, have you found yourself in the new role of performing internal chart audits for your organization? Are you often finding yourself saying "Now What?!" First, take a deep breath and start with the basics. In this week's tip, I will review the very basic tips and ...
Cybersecurity - Are you sure you are secure?
August 4th, 2017 - Wyn Staheli
An article by Medical Economics highlights the June report of the Health Care Industry Cybersecurity Task Force. Their report confirmed once again that healthcare providers are not adequately addressing cybersecurity as part of the compliance programs. The threat of hackers is very real and providers need to ensure that they have taken ...
Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist
August 4th, 2017 - NAMAS
Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act)[2] and the more robust chain of liability (e.g. covered entities, business associates and ...
HIPAA Training Requirements
August 1st, 2017 - Wyn Staheli
HIPAA Training must be an ongoing effort in every healthcare organization.
To Disclose or Not to Disclose… That is the Question
June 29th, 2017 - Sean Weiss
The biggest questions I receive these days are in regard to handling potential overpayments regarding internal or external audits is whether or not the errors constitute a self-disclosure protocol. The short answer is, avoid this process unless you have verifiable fraudulent activity to report. Section 1128J(d) of the Act created ...
False Claim Penalties Increase Again
April 10th, 2017 - Wyn Staheli
On February 3, 2017, the Department of Justice (DOJ) issued a Final Rule to increase the civil monetary penalties assessed under the False Claims Act (FCA), due to inflation for the year 2017, to an all-time high of $10,957 (minimum) to $21,916 (maximum). Thirty years ago, in 1986, Congress amended the False ...
How to Properly Dispose Protected Health Information (PHI)
February 27th, 2017 - InstaCode Institute
HIPAA requires covered entities to properly dispose of Protected Health Information (PHI) in the following manner: Paper, film, or other hard copy media has been shredded or destroyed such that the PHI cannot be read or otherwise cannot be reconstructed. Electronic media has been cleared, purged, or destroyed consistent with NIST Special Publication 800-88, Guidelines for Media ...
Mobile Devices are HIPAA Security Concern
February 22nd, 2017 - Wyn Staheli
Mobile devices are one of the most problematic areas for HIPAA security. Their ease of portability also makes it easy for them to be stolen or hacked. Because so many of the HIPAA breaches reported involved mobile devices, additional guidance has been issued by HealthIT.gov. Their informative web page offers additional ...
Psychotherapy Notes Provision of HIPAA
February 2nd, 2017 - Wyn Staheli
Of special interest to all behavioral health practitioners (both Covered Entities and NON-covered entities) is HIPAA's provision for psychotherapy notes. The privacy rule recognizes that psychotherapy notes need more protection than other types of PHI. Even if you are not a covered entity, we recommend understanding and implementing office procedures ...
HIPAA Exempt Offices (Paper)
January 23rd, 2017 - Wyn Staheli
It is a common misconception that every doctor’s office is (or must become) a HIPAA covered entity; however, the list of those who still qualify for exemption from HIPAA is rapidly shrinking. There are exceptions to the HIPAA requirements; if a practice sends or receives no transactions electronically, it is ...
Medical Billing and Coders Professional Liability
November 29th, 2016 - Find-A-Code
Companies who regularly handle such sensitive information as patient medical records have a particular responsibility to maintain the confidentiality of the data. Failure to exercise the appropriate degree of care – whether intentional or not – can have a significant adverse financial impact on your firm. The Federal Health Insurance Portability ...
Security Risk Assessment Wizard - are you at risk?
August 4th, 2016 - Chris Woolstenhulme, CPC, CMRS
Attention:  Any Any healthcare organization that stores, transmits or maintains PHI (Protected Health Information) in electronic formats is required to adhere to the HIPAA Security Rule... see if your organization is at risk with security compliance. Visit SRAWizard.com for a Security Risk Assessment (SRA) Tool complete with training and other guidance to ...
HIPAA: Breaches much more likely to require disclosure under Mega Rule
December 4th, 2013 - Scott Kraft
One of the biggest changes under the HIPAA Omnibus Final Rule – known as the HIPAA Mega Rule – that was finalized earlier this year and took effect last month is a significant change to how you are required to handle breaches of patient protected health information (PHI). The change...
New HIPAA rule gives patient the right to “refuse” to use insurance, receive PHI electronically
November 18th, 2013 - Scott Kraft
The HIPAA Omnibus Final Rule, known in the industry as the HIPAA mega rule, affords patients two key rights that your practice needs to be prepared to implement. Patients now have the right to request and receive their own protected health information (PHI) from your practice electronically and they...
ICD-10: The Wave (or Tsunami) of the Future
March 22nd, 2013 - Allison Singer, CPC
ICD-10: The Wave (or Tsunami) of the Future For many people, simply hearing the words “ICD-10” is enough to cause headaches, indigestion and a sudden compulsion to find a new career. It is the looming healthcare change that many professionals hope will go away completely or be delayed...

Article categories




Home About Terms Privacy

innoviHealth® - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain)

Copyright © 2000-2024 innoviHealth Systems®, Inc. - CPT® copyright American Medical Association