What Does a Medical Billing Specialist Need to Know about HIPAA?
Interested in becoming a medical billing specialist but not sure what you need to know about HIPAA? HIPAA focuses on safeguarding patients’ confidential health information, and the medical billing specialist plays a role. They must have strong attention to detail, investigative abilities to resolve complex problems, and the organizational skills to manage a constant flow of information.
Beyond the essential functions of their job, medical billing specialists must also adhere to both government and company policies concerning patient data. They must follow HIPAA regulations every day.
Standardizing medical records and billing practices has made handling health information more efficient but has also created more opportunities for unauthorized disclosures. There are countless stories about ransomware attacks on healthcare systems and fines levied against institutions for data leaks.
As a medical billing specialist, you need to understand your role in handling patient data, the specific obligations you have under HIPAA, and how you can best protect patients’ sensitive information.
What is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act. It was passed in 1996 to standardize the way patients’ private health information is documented, transmitted, and protected. The law holds medical professionals, facilities, and insurers accountable.
Contrary to popular belief, HIPAA is not exclusively about patient privacy. Instead, HIPAA mandates that any professional with access to patient data take steps to maintain confidentiality and security. Supplemental laws designate any information including patients’ names, medical histories, social security numbers, diagnosis information, and treatment plans as protected health information (PHI).
Adhering to HIPAA means handling all protected health information responsibly. The digitization of medical records has made medical billing a uniform practice but has also created numerous ways in which patient information can be compromised.
HIPAA and Medical Billing
Medical billing specialists’ jobs involve routinely transmitting health information between their employer and insurance companies to collect reimbursement for medical services. As a result, medical billing specialists deal with protected medical information every single day. Medical billers must be trustworthy and detail-oriented. This makes their role in HIPAA compliance a core function of their job.
The growth of the medical billing profession is a result of HIPAA’s passage. The act instituted the use of the International Statistical Classification of Diseases and Related Health Problems, more commonly known as the ICD codes. By formalizing and codifying the billing process, HIPAA created the need for experts in deciphering medical records and translating them into the information provided to insurance companies.
HIPAA also established a standard style and format for bill transmission. This unified the industry to ensure accuracy while eliminating errors and potential fraud.
What is a HIPAA Violation?
All medical institutions, providers, and employees must abide by HIPAA because it’s a federal law. The government considers patient health information a sensitive topic that must be protected. HIPAA compliance and training are a mandatory part of institutions’ continued accreditation and ability to bill Medicare.
A HIPAA violation occurs anytime protected health information is exposed or possibly exposed to an individual without authorization to view it. Due to the importance placed on protected health information, HIPAA violations are punished harshly. Large fines and other sanctions are levied on institutions and individuals who violate HIPAA, even accidentally.
HIPAA violations can result from carelessness, lack of physical or cyber security, or lax standards concerning protected health information. The majority of breaches are unintentional and accidental. Health information can be compromised by anything from a cyberattack on a hospital system to accidentally discarding a printed bill with protected health information in the trash instead of destroying it.
How Do Medical Billers Follow HIPAA?
As a medical biller, you are not responsible for your employer’s cyber security or the integrity of their network. However, you are still required to follow best practices established by the employer to maintain HIPAA compliance. You’ll likely be required to complete annual training that reviews and emphasizes HIPAA policies.
Your primary responsibility is to guard patient information. This entails having your computer password-protected and locking your workstation when it’s unattended. You should never share your password with a coworker, even if they say it’s for work purposes. Electronic medical record systems log who accesses what information. If an unauthorized breach occurs, it can be traced to your account.
You should also be aware of your online security and discerning about incoming communication. It’s important to follow your facility’s email policy and be suspicious of email attachments. This challenges medical billers because they constantly exchange information with other departments and insurance carriers. Your job will require you to discuss patient data with others. Following up with a provider for clarification on a record, reviewing an outgoing bill with a coworker or supervisor to ensure accuracy, or communicating with a third party authorized to access the data are acceptable because those discussions are necessary.
You should never transmit patient data or discuss it if it doesn’t directly relate to completing a billing task or duty. A good rule of thumb is to treat all patient data as if it were your own.
Examples of HIPAA Violations
HIPAA compliance can feel daunting because you can easily violate it if you do not continually prioritize security and discretion. You must always treat patient information as valuable, private, and vulnerable. While there are many possible ways a medical billing specialist can break HIPAA, here are a few common examples:
Lost or Stolen Equipment
If a medical biller uses an unencrypted laptop to generate bills, they may violate HIPAA if the device is lost or stolen. Once the device containing patient data is out of the medical biller’s possession, there is no way to be sure an unauthorized party has not accessed the laptop and viewed patient data.
If a medical billing specialist asks a coworker to audit a claim they generated because they are unsure if the chart notes justify one of the procedure codes, they can discuss the protected health information without breaking HIPAA.
However, if their conversation occurs in a public area where anyone passing by can overhear their discussion, they have broken HIPAA by discussing patient info in the presence of an unauthorized party.
Improper Email Communication
When transmitting patient information electronically, the sender is required to ensure information security. Your employer will have a policy requiring the use of an encrypted server or other safeguards. If a medical biller was communicating with a carrier about a denied bill and sent them medical records to support an appeal, but emailed the records from their personal unsecured email, they violated HIPAA because they did not take adequate steps to secure the electronic communication.
What Happens When a Medical Billing Specialist Violates HIPAA?
When a medical biller believes they have violated HIPAA, they must notify their supervisor immediately. The facility will then report the violation and initiate a corrective response that includes notifying the patient of the breach and alerting the appropriate regulators.
Depending on the extent of the infraction, an individual can face large fines and even criminal charges for egregious violations of patient privacy and HIPAA. In some cases, violators can even be required to pay restitution to patients. Employers often have zero-tolerance policies for HIPAA violations, even if patient data was not compromised. Companies strictly enforce password policies, monitor what charts medical billers access, and require employees to leave all computers and patient data on-site.
What is the Best Way to Learn About HIPAA?
Vocational training from an accredited program is the best way to learn about HIPAA and get comfortable following the regulations. A comprehensive medical billing specialist program devotes coursework to the history of HIPAA and its role in today’s healthcare field. Instructors are experienced professionals who incorporate real-world scenarios into the curriculum, preparing you for workplace challenges.
Can Vocational Education Help My Career?
Beyond giving you the knowledge to protect patient information and keep yourself safe from potential violations, vocational training shows prospective employers that you already have a strong knowledge base regarding HIPAA, healthcare laws, and patient privacy standards.
Hiring managers value candidates who begin their position already respecting the importance of HIPAA for patients and the organization. In addition, employees with advanced training and HIPAA fluency are more likely to earn advancement opportunities.
Want to Learn More?
The Medical Billing and Coding training program at Peloton College provides students with vital knowledge in Medical Terminology and Understanding Health Insurance Claims and prepares students to work with and maintain electronic health record systems in the health care industry. Graduates of this Medical Billing and Coding training program will also be eligible to sit for the Certified Electronic Health Records Specialist (CEHRS) Certification or the Certified Billing and Coding Specialist (CBCS) Certification.
The mission of Peloton College is to be the premier provider of hands-on training and education by providing students and graduates with the necessary skills to secure occupational careers. Contact us today to learn more.