by Find-A-Code™
Oct 21st, 2022
The medical coding and billing industry is regulated in terms of how it can collect and utilize information. Anyone involved in medical billing and coding, be it as a business owner or employee, must follow all the rules necessary to maintain HIPAA compliance. Needless to say, compliance is a must. Washington doesn't give the industry a choice.
HIPAA stands for the Health Insurance Portability and Accountability Act, a 1996 federal law whose implementing regulations set standards for the collection, use, and disclosure of patient protected health information (PHI).
Congress enacted HIPAA partly in response to the healthcare system's transition to electronic records. It was proactive legislation designed to protect digital health information at least as well as paper records were supposed to be protected. Authority to enforce HIPAA lies with the Department of Health and Human Services (HHS), acting through its Office for Civil Rights (OCR).
Who Must Comply
The medical billing industry, and this includes both billers and coders, must comply with HIPAA at all times. So does nearly every other entity involved in healthcare. Specifically, the law describes two groups of organizations required to maintain HIPAA compliance:
1. Covered Entities
Covered entities are the organizations HIPAA regulates directly: health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically in connection with standard transactions such as claims and eligibility checks. In practice these are the organizations that create, collect, store, and transmit PHI in the first place. Without question, this includes doctors’ offices and hospitals. It includes public health clinics too.
2. Business Associates
Also subject to HIPAA are business associates: entities that do not create or collect PHI for their own purposes, but receive, store, use, or transmit it on behalf of covered entities. This is where medical coding and billing comes in.
A company that offers medical coding and billing services as a third-party contractor does not originate PHI; it works with data supplied by its healthcare clients. But it does receive, store, and transmit that data on its clients' behalf, which makes it a business associate. A covered entity must have a written business associate agreement (BAA) in place before sharing PHI with such a contractor, and since the 2013 Omnibus Rule business associates are directly liable for complying with the Security Rule and the applicable provisions of the Privacy Rule.
What Compliance Requires
The regulations implementing HIPAA have expanded considerably in the more than 25 years since the law was first passed. There are numerous rules that must be followed, including the 'big four':
- HIPAA Privacy Rule
- HIPAA Security Rule
- HIPAA Breach Notification Rule
- HIPAA Omnibus Rule
In addition to following the rules, covered entities and their business associates must take specific steps to keep their organizations compliant at all times. They must conduct regular self-audits, for example; the best known of these is the risk analysis the Security Rule requires. The audit is designed to uncover technical and administrative gaps in compliance policies and safeguards.
Covered entities and their business associates must also:
- create remediation plans for addressing compliance issues
- develop proper policies and procedures for compliance
- maintain an appropriate level of employee training
- document all steps taken to maintain compliance
- document all business associate management practices
- document all incident management events
An awful lot goes into HIPAA compliance. It is not as simple as handing patients their consent forms, gathering their signatures, and filing the forms in a back-office cabinet. HHS and OCR take HIPAA enforcement very seriously.
Know the Law
If you are involved in medical coding or billing, make sure you know the law as it applies to you. It is especially important to understand compliance if you own or operate a medical coding or billing service. As a business owner, responsibility for compliance ultimately rests with you.
If you are just getting into medical coding or billing as an employee, you're going to get plenty of experience in HIPAA compliance throughout your career. Compliance is a must for coders and billers. It is a must for their employers.