
The Most Commonly Asked Questions About HIPAA Compliance


A study on HIPAA compliance conducted by Porter Research, NueMD, and Daniel Brown Law Group found that approximately 40% of healthcare organizations and healthcare billing companies are unaware of the updated compliance measures. Of this group, 42% did not even have a HIPAA compliance plan, which is one of the most important elements of the law! This study clearly reflects the current state of affairs, and the system needs to be examined in more depth. Let’s find out!


By tackling the pitfalls of sensitive health information management, the Health Insurance Portability and Accountability Act aims to improve the security of the system. When you contract with healthcare billing companies to handle your medical billing and other revenue management needs, it is important to make sure they are HIPAA compliant. Proper data protection ensures you maintain your ethical standards and protects you from data breaches. With the constant changes to the rules, compliance can often get confusing.


In this article, we will discuss why the HIPAA law is important to healthcare billing companies and how it impacts them.


In what way does a law like HIPAA serve its purpose?

A person’s medical information is sensitive by nature. Fraud cases can become complicated if such information is mishandled. On one hand, the patient’s data is compromised; on the other, the reputation of the healthcare organization is damaged.

1. HIPAA acts as an umbrella to keep an organization safe from all forms of information breaches.

2. HIPAA implements measures that address multiple areas of concern and tries to resolve them.

3. HIPAA regulates the handling of patient data, also called PHI (Protected Health Information).

4. Information is protected from being compromised and falling into the wrong hands.

5. In turn, this reduces the number of healthcare fraud cases.

6. As part of HIPAA, pre-existing condition exclusions are limited through its health insurance portability provisions.


What kind of information is covered by PHI? How does HIPAA protect the information?

Protected health information, or PHI, covers even an unborn fetus. The key information under PHI includes:

- Details about the patient’s demographics

- Documentation about the individual’s health

- Any mental health records that exist

- The patient’s lab results, if he or she has taken any tests

- Details of the patient’s insurance

- For a newborn or a fetus, recorded information such as body weight, height, temperature, or health problems


The provider and billing teams access electronic health records to view these details. An individual’s privacy can be deeply compromised by a single breach of data security. Thankfully, HIPAA requires robust electronic safeguards to protect these sensitive data points.


Is HIPAA compliance mandatory for healthcare billing companies?

Yes! Regulations set by the US Department of Health and Human Services make this a mandate rather than an option. Because they are federal policy, these rules apply nationwide to healthcare organizations, including:


Covered Entities: Any entity involved in the patient’s treatment plan, payment method, or any other medical procedure.


Business Associates: Any organization that assists covered entities in their work.

Since they have access to patient information, healthcare billing companies generally fall under the business associate category.


According to the US Department of Health and Human Services, HIPAA’s security and privacy regulations do not apply to organizations such as life insurance companies, employers, and workers’ compensation managers.


What are the steps healthcare billing companies must take to stay compliant?

The Health and Human Services website provides comprehensive information about HIPAA compliance measures. The HIPAA Journal suggests the following checklist for those just entering this field:

- Conduct audits and assessments annually to ensure that the systems are functioning properly.

- Analyze the audit results to identify where workflow management needs improvement.

- Carefully plan the remediation steps aimed at ensuring compliance before implementing them.

- If the company isn’t able to plan out the steps itself, it can appoint a HIPAA Compliance, Privacy, and/or Security Officer to conduct a system check.

- Review the plans periodically to determine whether they are working for the organization. Regardless of the outcome, updates must be made.

- Companies can also hire Compliance Officers to conduct HIPAA training for their staff, so that staff remain informed about the modified rules.

- Reviewing staff training is also a great way to find out how well the company is managing its work.


What questions should you ask a company that handles your healthcare billing to make sure it follows HIPAA?

To ensure that healthcare billing companies are trustworthy, check their reputation before outsourcing revenue management work. Otherwise, you might end up in unnecessary legal disputes. Check whether they are HIPAA compliant by asking these questions:

1. What regular monitoring systems do you have in place to check for potential attacks on your software systems?

2. Can you explain the kinds of restrictions you follow when you transfer or handle electronic PHI?

3. How secure are your audit logs across your hardware and software systems?

4. Are you regularly training your staff to ensure patient privacy?

5. Are you following proper security protocols when it comes to facility access?

6. What kind of policies do you follow in terms of authorized access to patient information?

7. Do you conduct a yearly assessment of security risks as required by HIPAA?


Hopefully, these questions cover most of your potential risk points. If you are still unsure about their systems, you can request a HIPAA compliance certification. Take a look at their customer reviews to get a better idea.


This blog intends to provide you with more clarity regarding HIPAA compliance for healthcare billing companies. Please let us know what you think! Whenever you have questions, feel free to contact us and we will get back to you.


Think about Scribe Align Medical Billing.

If you’re interested in outsourcing medical billing for your practice, we can assist you. Practices need accurate billing processes in order to maintain profitability. Our billing experts understand the complexities of revenue cycle management.