In medical billing, and other administrative and non-core tasks in hospitals and healthcare practices, HIPAA compliance can never be overemphasized. Whether you are providing medical billing for specialties such as Urology, oncology, nephrology, gynecology, pediatric surgery or gastroenterology it is crucial to maintain HIPAA compliance. Therefore, having written policies and procedures are crucial. With written documentation, staff would have an important resource to refer to if they are in doubt or if someone advertently or inadvertently violates HIPAA rules.
Written Procedures for HIPAA Compliance
Written procedures and policies not only ensure HIPAA compliance, but also help hospitals and practices perform better without. The practices that the healthcare organization needs to follow must be confirmed and etched in stone. Experts in the legal and healthcare field recommend that the following areas of healthcare procedure absolutely need to be documented:
Access to PHI
Protected Health Information (PHI) is very sensitive, and failing to handle it with the security it deserves could put the hospital in a great deal of trouble. Therefore it is important to have a foolproof, clearly defined procedure regarding this and it must be kept on record. It must be determined who has access to this confidential data.
- Caregivers need to have access to it when they are providing treatment
- Billing staff need to access it while submitting a claim
- PHI may also need to be accessed by the front office staff to check a patient in
The PHI policy must make it clear that staff authorized to access PHI should do so only when they absolutely need to, and not otherwise. Access restrictions need to be placed. State-of-the-art electronic systems and software can be employed to track staff members who are accessing the information.
Social Media Use
Many practices do not enforce restrictions on social media usage by their staff. Posting photos or selfies taken in the hospital or clinic could inadvertently expose personal patient information or other such confidential data in social networks, which could result in a serious security breech. It would therefore be best to develop policies for restricting social media use in the hospital or practice premises.
Processing patient complaints is a very important area of concern, since dissatisfied patients could actually bring down the reputation of an institution if their grievances are not dealt appropriately. They could directly complain to the Department of Health and Human Services which could lead to the hospital or practice coming under investigation. To avoid such a scenario, it is important to have procedures in place so that the front office staff will know how exactly to deal with a patient’s complaint when it is made.
Handling Patient Requests
There must also be policies in place to handle requests by patients regarding restrictions about using and disclosing their information. Such requests must be recorded so that the staff would handle the data in a different manner. Disclosures must be logged as well. Procedures should also be in place to handle patients’ access to records, to issue notifications if amendments are made to patient records, or during the filing of an appeal for access.
HIPAA- compliant Coding and Medical Billing
Medical billing and coding specialists have to handle sensitive information on a daily basis. This includes provider, patient, and insurance information, all of which has to be kept secure at all times. In addition, billing staff are also responsible for facilitating the secure electronic and physical transference of sensitive medical information between the various parties involved.
The most important element of the Healthcare Reform Act for medical billing specialists is the rule that all providers use Electronic Health Record (EHR) systems by the end of 2015. This means that practices that still rely on paper claim forms will need to restructure their billing department to manage electronic transactions. These electronic transactions will need to meet the security and privacy standards required by HIPAA as well as other healthcare legislation.
HIPAA has approved the use of ICD codes for diagnosis and CPT and HCPCS codes for procedural reporting and these codes are used in medical billing to generate claims. Similarly, billing specialists need to use the right type of Electronic Data Interchange (EDI) terminology to perform specific billing tasks. Title II of HIPAA specifies that all providers and billers covered by HIPAA have to submit claims electronically using the approved format.
It is obvious that HIPAA impacts almost every aspect of the medical billing process – from the manner in which patient records are stored to claim generation and submission.
Documenting all matters relating to HIPAA-compliant medical billing would ensure smooth processes and reduce the risk of penalties.
Professional outsourcing companies provide HIPAA compliant billing services for all specialties. An established service provider can ensure that your practice is fully up to date on all HIPAA rules and regulations. Documenting administrative policies and procedures and relying on HIPAA-compliant medical billing services will help avoid delay, denials, audit exposure, and allow better focus on patient care.