
The Most Commonly Asked Questions About HIPAA Compliance


A study on HIPAA compliance conducted by Porter Research, NueMD, and Daniel Brown Law Group found that approximately 40% of healthcare organizations and healthcare billing companies were unaware of the updated compliance measures, and 42% of the companies in that group did not even have a HIPAA compliance plan, one of the most important elements of the law. The study shows that the state of compliance deserves a closer look. Let’s find out!

The Health Insurance Portability and Accountability Act (HIPAA) sets rules for how sensitive health information is handled, with the aim of making the whole system more secure. When you contract with a healthcare billing company to handle your medical billing and other revenue management needs, it is important to confirm that it is HIPAA compliant. Proper data protection lets you maintain your ethical standards and reduces both the risk of a breach and your liability when one occurs. With the constant rule changes, it can often get confusing.

In this article, we will discuss why the HIPAA law is important to healthcare billing companies and how it impacts them.


In what way does a law like HIPAA serve its purpose?

A person’s medical information is sensitive by nature, and fraud cases become complicated when it is mishandled. The patient’s data is compromised, and the healthcare organization’s reputation is damaged.

1. HIPAA sets a baseline of administrative, physical, and technical safeguards intended to reduce the risk of information breaches; it does not by itself prevent them.

2. HIPAA implements measures that address multiple areas of concern (privacy, security, and breach notification) and requires organizations to resolve them.

3. HIPAA regulates the handling of patient data, also called PHI (Protected Health Information).

4. Information is protected from being compromised and falling into the wrong hands.

5. In turn, this reduces the number of healthcare fraud cases.

6. HIPAA’s portability provisions limit the use of pre-existing condition exclusions when a person changes group health plans; they do not eliminate pre-existing conditions.


What kind of information is covered by PHI? How does HIPAA protect the information?

Protected health information, or PHI, covers an individual’s identifiable health data, including records about a fetus or newborn. The key information under PHI includes:

1. Details about the patient’s demographics

2. Documentation about the individual’s health

3. Any mental health records that exist

4. The patient’s lab results, if he or she has taken any tests

5. Details of the patient’s insurance

6. For a newborn or fetus, recorded measurements such as body weight, height, temperature, and any health problems


Providers and billing teams access electronic health records to view these details, so a single breach of data security can deeply compromise an individual’s privacy. HIPAA does not supply a system of its own; it requires each organization that handles electronic PHI to implement administrative, physical, and technical safeguards that protect these data points.


Is HIPAA compliance mandatory for healthcare billing companies?

Yes! The HIPAA rules issued by the US Department of Health and Human Services make compliance mandatory, not optional. As federal regulations they apply nationwide to two groups of organizations:

Covered Entities: Health plans, health care clearinghouses, and health care providers that transmit health information electronically in connection with HIPAA standard transactions (for example, electronic claims).

Business Associates: Any person or organization that creates, receives, maintains, or transmits PHI on behalf of a covered entity, and that must sign a business associate agreement (BAA) with it.

Since they have access to patient information, healthcare billing companies generally fall under the business associate category and must have a BAA in place with each practice they serve.

According to the US Department of Health and Human Services, HIPAA’s security and privacy regulations do not apply to organizations such as life insurance companies, employers, and workers’ compensation managers.


What are the steps healthcare billing companies must take to stay compliant?

The Department of Health and Human Services (HHS) website provides comprehensive information about HIPAA compliance measures. The HIPAA Journal suggests the following checklist for those just entering this field:

1. Conduct audits and assessments at least annually to confirm that safeguards are working as intended.

2. Analyze the audit findings to identify gaps in policies, workflows, and technical controls.

3. Plan the remediation of each gap carefully and carry it out, documenting what was fixed, by whom, and when.

4. If the company cannot plan these steps itself, appoint a HIPAA Compliance, Privacy, and/or Security Officer to own the program and run the system check.

5. Review the plans periodically to determine whether they are working for the organization, and update them whenever rules or systems change, regardless of the review outcome.

6. Have the Compliance Officer, or an outside trainer, deliver HIPAA training to staff so they stay informed about rule changes.

7. Review staff training records; they are a good measure of how well the company is managing its compliance work.


What questions should you ask a company that handles your health care billing for you to make sure they follow HIPAA?

To ensure that healthcare billing companies are trustworthy, check out their reputation before outsourcing revenue management work. Otherwise, you might end up in unnecessary legal disputes. Check if they are HIPAA compliant by asking these questions:

1. What regular monitoring systems do you have in place to check for potential attacks on your software systems?

2. Can you explain the kinds of restrictions you follow when you transfer or handle electronic PHI?

3. How secure are your audit logs across your hardware and software systems?

4. Are you regularly training your staff to ensure patient privacy?

5. Are you following proper security protocols when it comes to facility access?

6. What kind of policies do you follow in terms of authorized access to patient information?

7. Do you conduct the risk analysis required by the HIPAA Security Rule, and how often do you repeat it? (The rule requires an accurate and thorough risk analysis but sets no fixed interval; HHS treats it as an ongoing process, and an annual review is common practice.)

Hopefully, these questions cover most of your potential risk points. Note that HHS does not endorse or recognize any HIPAA certification, so a “HIPAA certified” badge is the vendor’s own claim. If you are still unsure about their systems, ask for evidence instead: the signed business associate agreement, their most recent risk analysis and remediation plan, and any independent audit report (for example, a SOC 2 or HITRUST report). Customer reviews add context but are not a substitute for that evidence.

This blog intends to provide you with more clarity regarding HIPAA compliance for healthcare billing companies. Please let us know what you think! Whenever you have questions, feel free to contact us and we will get back to you.


Think about Scribe Align Medical Billing.

If you’re interested in outsourcing medical billing for your practice, we can assist you. A practice needs accurate billing processes to stay profitable, and our billing experts understand the complexities of revenue cycle management.


What are CPT Codes?

CPT (Current Procedural Terminology) is a standardized set of codes used to report medical, surgical, and diagnostic procedures and services to physicians, insurance companies, accreditation organizations, and other parties. Claims are submitted electronically with CPT codes paired with ICD-10-CM diagnosis codes (ICD-9-CM before October 2015); note that ICD-10-CM codes are alphanumeric, not purely numeric.

CPT codes are used to submit claims to federal and private payers for healthcare rendered. Because each code carries a specific description of a procedure or service, they reduce subjective interpretation of what was delivered to the patient.


The American Medical Association (AMA) developed CPT® codes in 1966 to standardize reporting of medical, surgical, and diagnostic services and procedures provided in hospital and outpatient settings.

Healthcare evolves: new services appear and outdated procedures are retired, so the code set must keep pace. Every year, the AMA releases new, revised, and deleted CPT® codes along with changes to coding guidelines, and it publishes smaller updates to individual sections of the CPT® code set between editions.

Moreover, the AMA updates CPT® terminology or medical language to reflect advances in medicine. Though the AMA owns the copyright to CPT®, it invites participants to contribute to the ongoing maintenance of the code set and welcomes feedback on the codes and code descriptors.


Understanding CPT® codes

CPT® codes are five characters long. Category I codes are five digits; Category II, Category III, and proprietary laboratory analyses (PLA) codes are four digits followed by the letter F, T, or U respectively. Some examples:

92526      Oral function therapy

0638T      Ct breast w/3d bi c-/c+


CPT® Code Types: A Quick Guide

Providers assign a code to every service or procedure they perform. The code set also includes unlisted codes for services and procedures not specifically described by any other CPT® code.

The AMA has organized CPT® codes logically by classifying them into three types based on the wide range of services and procedures they cover:

CPT® Category I: Codes commonly used by providers to report their services and procedures comprise the largest body of codes

CPT® Category II: Additional tracking codes used in performance management

CPT® Category III: Emerging and experimental codes for reporting services and procedures


CPT® Category I:

Most CPT® codes are in Category I. They describe established services and procedures that are widely performed and, where a drug or device is involved, approved by the Food and Drug Administration (FDA).

Category I codes are five digits and are arranged numerically, with one exception: resequenced codes. When a new code is added to a family of related codes and no sequential number is free, the AMA places the new code with its family rather than in strict numeric order, so that related codes sit together and coders can find the best code quickly. Code books flag resequenced codes with a # symbol and leave a pointer at their numeric position.

Another exception to numerical code order involves evaluation and management codes (E/M codes). Although E/M codes begin with 9, they are printed first in CPT® code books, as you can see below in the code outline for Category I. E/M services are among the most frequently reported healthcare services, so the AMA chose this order. As with resequenced codes, this arrangement is intended for coding efficiency.


Codes for CPT® Category I fall into six main categories:

Evaluation & Management (99202–99499)

Anesthesia (00100–01999)

Surgery (10021–69990), further divided into subsections by body area or system

Radiology Procedures (70010–79999)

Pathology and Laboratory Procedures (80047–89398)

Medicine Services and Procedures (90281–99607)


CPT® Category II:

Category II codes consist of four digits followed by the letter F, and providers may report them in addition to Category I codes. Unlike Category I codes, Category II codes carry no reimbursement; they are supplemental tracking codes used for performance measurement.

The CPT® code book typically places Category II codes after Category I codes. These codes are listed as follows:

Composite Measures (0001F–0015F)

Patient Management (0500F–0584F)

Patient History (1000F–1505F)

Physical Examination (2000F–2060F)

Diagnostic/Screening Processes or Results (3006F–3776F)

Therapeutic, Preventive, or Other Interventions (4000F–4563F)

Follow-up or Other Outcomes (5005F–5250F)

Patient Safety (6005F–6150F)

Structural Measures (7010F–7025F)

Nonmeasure Code Listing (9001F–9007F)


CPT® Category III:

Category III codes consist of four digits followed by the letter T and usually follow Category II codes in the code book. They are temporary codes used to identify new technologies, services, and procedures.

A Category III code can remain in the set for up to five years. If the service comes to meet Category I criteria (FDA approval where applicable, evidence that it is widely performed, and evidence that it is effective), the AMA converts it to a new Category I code. Otherwise the code is archived at the end of the five-year period unless a request to extend it is accepted; providers do not delete codes themselves, and codes that go unused are generally allowed to sunset.

The AMA releases new or updated Category III codes semiannually on its website, and publishes deletions of Category III codes annually with the full list of temporary codes.
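As an added example (not code from this article or from the AMA), the following Python classifies a code by the structure described in this section and rejects anything that does not fit it before it can reach a claim file or a database query. The Category I and II ranges are the ones listed above; the ICD-10-CM shape check, the claim-line rules, and the sample claim lines are assumptions constructed for this example. Passing these checks proves only that a code is well-formed, not that it exists in the current licensed code set.

```python
import re

# Format of a CPT code as described above: four digits plus a fifth
# character that is a digit (Category I), F (Category II), T (Category III)
# or U (proprietary laboratory analyses, PLA).
CPT_RE = re.compile(r"(?P<prefix>\d{4})(?P<last>[0-9FTU])")

# ICD-10-CM diagnosis code: a letter, a digit, an alphanumeric, then an
# optional decimal point and one to four more alphanumerics (3 to 7 chars).
# Format assumption for this example; it checks shape, not existence.
ICD10CM_RE = re.compile(r"[A-Z]\d[0-9A-Z](?:\.[0-9A-Z]{1,4})?")

# Category I sections listed in this article. E/M is checked before
# Medicine because the two ranges overlap (99202-99499 sits inside
# 90281-99607) and the more specific section must win.
CATEGORY_I_SECTIONS = [
    ("Evaluation & Management", 99202, 99499),
    ("Anesthesia", 100, 1999),
    ("Surgery", 10021, 69990),
    ("Radiology", 70010, 79999),
    ("Pathology and Laboratory", 80047, 89398),
    ("Medicine", 90281, 99607),
]

# Category II sections listed in this article, keyed by the four-digit prefix.
CATEGORY_II_SECTIONS = [
    ("Composite Measures", 1, 15),
    ("Patient Management", 500, 584),
    ("Patient History", 1000, 1505),
    ("Physical Examination", 2000, 2060),
    ("Diagnostic/Screening Processes or Results", 3006, 3776),
    ("Therapeutic, Preventive, or Other Interventions", 4000, 4563),
    ("Follow-up or Other Outcomes", 5005, 5250),
    ("Patient Safety", 6005, 6150),
    ("Structural Measures", 7010, 7025),
    ("Nonmeasure Code Listing", 9001, 9007),
]


def classify_cpt(code: str) -> dict:
    """Return {"code", "category", "section"} for a well-formed CPT code.

    Raises ValueError for input that does not fit the five-character format
    or falls outside every published range, so a caller can reject bad
    input before it reaches a claim or a query. Existence in the current
    AMA code set is not checked; that needs the licensed code file.
    """
    raw = code.strip().upper()
    m = CPT_RE.fullmatch(raw)
    if m is None:
        raise ValueError(f"not a five-character CPT code: {code!r}")
    prefix = int(m.group("prefix"))
    last = m.group("last")
    if last == "T":
        return {"code": raw, "category": "III", "section": "Emerging technology"}
    if last == "U":
        return {"code": raw, "category": "PLA", "section": "Proprietary laboratory analyses"}
    if last == "F":
        for name, lo, hi in CATEGORY_II_SECTIONS:
            if lo <= prefix <= hi:
                return {"code": raw, "category": "II", "section": name}
        raise ValueError(f"Category II code outside every listed range: {code!r}")
    value = int(raw)  # all five characters are digits: Category I
    for name, lo, hi in CATEGORY_I_SECTIONS:
        if lo <= value <= hi:
            return {"code": raw, "category": "I", "section": name}
    raise ValueError(f"numeric code outside every Category I range: {code!r}")


def is_valid_cpt(code: str) -> bool:
    """True when classify_cpt accepts the code."""
    try:
        classify_cpt(code)
    except ValueError:
        return False
    return True


def is_well_formed_icd10cm(code: str) -> bool:
    """Shape check only for an ICD-10-CM diagnosis code (for example E11.9)."""
    return ICD10CM_RE.fullmatch(code.strip().upper()) is not None


def check_claim_line(cpt: str, diagnoses: list) -> list:
    """Return the problems found on one claim line (an empty list means clean).

    Constructed rule set for this example: one well-formed CPT code, at least
    one well-formed ICD-10-CM code, and no Category II code billed on its own,
    since Category II codes carry no reimbursement.
    """
    problems = []
    info = None
    try:
        info = classify_cpt(cpt)
    except ValueError as exc:
        problems.append(str(exc))
    if info is not None and info["category"] == "II":
        problems.append(f"{info['code']} is a Category II tracking code, not reimbursable alone")
    if not diagnoses:
        problems.append("claim line has no diagnosis code")
    for dx in diagnoses:
        if not is_well_formed_icd10cm(dx):
            problems.append(f"not a well-formed ICD-10-CM code: {dx!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample claim lines for this example, not real patient data.
    sample = [
        ("92526", ["R13.10"]),       # Medicine
        ("0638T", ["Z12.39"]),       # Category III
        ("0001F", ["I10"]),          # Category II alone: flagged
        ("99213", ["E11.9"]),        # E/M
        ("9213", ["E11.9"]),         # malformed: rejected
        ("99213; DROP TABLE", []),   # garbage that must never reach SQL
    ]
    for cpt, dx in sample:
        section = classify_cpt(cpt)["section"] if is_valid_cpt(cpt) else "-"
        print(cpt, section, check_claim_line(cpt, dx) or "ok")
```

The classifier is deliberately strict: leading and trailing whitespace is stripped and letters are upper-cased, but anything else that does not match the five-character pattern raises rather than being coerced, which is the behaviour you want at the boundary where billing input meets a database or a clearinghouse file.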

