Electronic Medical Billing Software: Maintaining Privacy

Medical billing software is used by a variety of health care providers on a daily basis to keep track of accounts and to determine how much has been paid in total and how much is still left to be paid through claims and invoices. Because of the many changes within the medical field as a whole, it is imperative to have medical billing software that stays up to date with those changes, which in turn makes the job of a medical billing and coding specialist easier.

Many billing specialists are worried that the rise in technology will soon make their job obsolete, but that could not be further from the truth. Yes, the technological advances are there, but physicians and medical offices worldwide still need to hire knowledgeable and qualified medical billers who are familiar with the various billing software packages currently flooding the market. Medical billing involves privileged and sensitive information, so use medical billing and coding software that has safeguards in place to protect that information and provide accurate information in accordance with HIPAA rules and regulations.

To comply with HIPAA, a medical biller must stay focused and maintain privacy efforts. If you do not comply with HIPAA rules and regulations, the risk of sustaining damages and penalties increases. If you work in an office that uses a variety of systems for maintaining patient data, scheduling medical staff and appointments, and billing, then management efforts need to be set in motion for each of those systems to ensure that HIPAA compliance is the top priority. This is especially true when it comes to medical billing and coding services and the vendors of the software.

Brief Background on Health Insurance Portability and Accountability Act (HIPAA)

It was not until 1996 that Congress passed HIPAA into law to set nationwide standards for ensuring that personal health data is kept private and secure. In April 2003, the “Privacy Rule” written by the United States Department of Health and Human Services was in effect. The repercussions of not complying with these rules include the following:

  • Federal government lawsuits
  • Monetary penalties ($100-$250,000)
  • One to ten years in prison

Key Term to Remember: PHI (Protected Health Information)

Within HIPAA, this term covers anything and everything that can be used to identify an individual, along with information that can be shared with other members of the health care team and/or clearinghouses, whether it is:

  • Faxed
  • Printed
  • Emailed
  • Handwritten
  • Digitally
  • Verbally

What information does HIPAA say can be used to identify an individual? The information includes:

1. Patient's name
2. Date of Birth (with the exception of year)
3. Zip Codes
4. Telephone Number
5. Fax number
6. Email address
7. SSN (Social Security Number)
8. Medical record ID number
9. Health plan ID number
10. License number
11. Photo

When it comes to patient information that is shared among doctors, physicians, nurses, insurance providers, etc., the information (aside from what was listed above) would include:

1. Notes left by the nurse of the physician
2. Billing records
3. Treatment Records

HIPAA Compliance: Technology Requirements

When it comes to using technology, there are stages at which HIPAA must be implemented, from the physical data to the logical data to the network. These stages are outlined below.

Some ways a manager can ensure that the physical data center is secure are to:

  • Lock the data center
  • Manage the list of people that have access to it
  • Make use of surveillance cameras inside and around the perimeter of the building to keep track of who accesses the data center
  • Have some form of 24/7 protection of the data access
  • If the information is taken by whatever means, have a procedure in place to recover what was lost.

In order to secure the network the data center must have in place:

  • Secure networking procedures
  • Firewall protections
  • Transferring of data in an encrypted form ONLY
  • Monitoring network access
  • Have an audit of all reports

The individual that manages the data should have in place:

  • Individual logins
  • Password access
  • Access to the data center recorded and tracked
  • RBAC (Role Based Access Control)
  • The ability to download data should be limited at all times
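
The access controls listed above (individual logins, recorded access, RBAC and limited downloads) can be sketched together as follows. This is an added example, not code from any billing product; the role names, field names, export limit and sample record are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Hypothetical role policy: which record fields each role may see.
ROLE_FIELDS = {
    "biller": {"name", "health_plan_id", "billing_records"},
    "nurse": {"name", "date_of_birth", "medical_record_id", "treatment_records"},
}
EXPORT_ROLES = {"biller"}  # assumed: only billers may download
EXPORT_LIMIT = 2           # assumed cap on records per download

AUDIT_LOG = []  # a real system would use append-only storage


def _audit(user, role, action, record_ids, allowed):
    """Record every access attempt, allowed or denied, against a named login."""
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": role, "action": action,
        "records": list(record_ids), "allowed": allowed,
    })


def read_record(user, role, record):
    """Return only the fields the role is entitled to; unknown roles get nothing."""
    fields = ROLE_FIELDS.get(role)
    _audit(user, role, "read", [record["medical_record_id"]], fields is not None)
    if fields is None:
        raise PermissionError(f"role {role!r} has no access")
    return {k: v for k, v in record.items() if k in fields}


def export_records(user, role, records):
    """Downloads are limited by role and by volume, and always logged."""
    ids = [r["medical_record_id"] for r in records]
    ok = role in EXPORT_ROLES and len(records) <= EXPORT_LIMIT
    _audit(user, role, "export", ids, ok)
    if not ok:
        raise PermissionError("export denied")
    return [{k: v for k, v in r.items() if k in ROLE_FIELDS[role]} for r in records]


# Constructed sample record (not real patient data).
SAMPLE = {
    "name": "Jane Example", "date_of_birth": "1980-01-01", "ssn": "000-00-0000",
    "medical_record_id": "MRN-0001", "health_plan_id": "HP-0001",
    "billing_records": ["claim 1"], "treatment_records": ["visit note"],
}
```

Denied attempts are written to the audit log before the exception is raised, so a review of the log shows who tried to reach data outside their role as well as who succeeded.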