HIPAA Compliance-Privacy, Security, and Transaction Code Sets


 

     EZ Medical Claims Specialists are HIPAA educated, trained, and compliant. We know and enforce HIPAA’s policies concerning the privacy and security of patients’ protected health information (PHI). As a business associate to health care providers and suppliers, all our staff know and agree to maintain, protect, and treat as strictly confidential all patient and proprietary information, as specified in our contractual agreements.

     We understand and comply with HIPAA’s transaction code sets for sending and receiving electronic information regarding medical insurance claims.

Patient Protected Health Information Privacy

·         What was once a federally unregulated responsibility to protect patient privacy is now a legal one. A new law regulates how practitioners, staff members, and business associates handle patient information. The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to protect the flow of medical information. Covered entities for HIPAA’s privacy and security regulations are most providers, including physician practices (and their billing services), clearinghouses, and health plans.

·         HIPAA's privacy rule is designed to safeguard individually identifiable protected health information (PHI). Paper records, electronic records, and oral communication are covered. Identifiable information is anything that can be used to identify a patient, e.g., a patient's name, address, Social Security number, or phone number. Several other identifiers, such as a patient's condition or the date of surgery, are also included.

·         However, releasing patient-identifiable health information for treatment, payment, or health care operations (TPO) is allowed under HIPAA.

·        Physicians must be careful about what they disclose to other staff members, such as billing services or providers not involved in the care of their patient. The general rule of thumb is to disclose only the minimum necessary for that person to do his or her job.

Health Care Providers and Business Associates

·        Clearinghouses, separate collection agencies, shredding companies, lawyers, auditors, software vendors, consultants, and billing firms are just some of the possible business associates. HIPAA is designed to protect communication with these partners. Physician practices need reasonable assurances that the information they send out receives the same confidentiality protection as it does in their own office.

·        Physicians cannot disclose protected health information to business associates unless the two parties have a contract. Each contract must contain a confidentiality clause that holds these associates accountable for protecting private patient information. The associate cannot use or further disclose the information in a manner that violates the privacy rule.

·        If a business associate violates the privacy rule, the organization under contract with the business associate can be held responsible for the violation—unless the organization takes appropriate steps. If your organization becomes aware of a breach by a business associate, it must take one of the following steps to fix the breach:

1.      Terminate the agreement

2.      Report the breach to the Department of Health and Human Services if termination is not feasible

·         If your business associate is the sole provider of a service or if other extenuating circumstances make immediate termination difficult, the final rule allows for continuation of the business relationship as long as the breach is reported.

Information Security

·         The Security Regulation includes administrative requirements and technical standards that are designed to shield confidential health information from unauthorized access, use, and disclosure.

·         Physicians using electronic methods to transmit data must comply with the HIPAA security regulations. The regulations do not apply to paper documents, only information stored and transmitted in electronic form.

·         Transmissions over the telephone are not covered under the security regulations, nor are fax transmissions. However, information sent via fax is covered under the privacy rules. These rules call on physicians to exercise extreme caution when delivering faxes. By law, organizations must institute physical safeguards to protect medical records and technical protections for data storage, access and transmission.

Transaction Code Sets

·         Experts argue that the standardization of electronic formats will require significant business process change and investment in several key areas of a physician practice, such as billing, electronic medical records, and other information technology. If compliance plans are submitted by October 2002, providers have an extended deadline to October 2003 to comply with HIPAA's eight transaction standards.

Financial Investment for Conversion

  • The size of your practice and resources will determine how much of a financial commitment you can make upfront. A typical solo-physician practice could spend $2,000-$5,000 to retool its billing system.
  • However, today’s Health Care Providers can reduce their expense and overhead in filing their medical insurance claims by outsourcing to a reputable billing service. This can save them the burden of complying with HIPAA’s regulations regarding transaction code sets, as well as keeping current with the already confusing billing rules for government and commercial payers, purchasing software/licenses, maintaining billing manuals, attending education classes, ordering billing supplies, increasing postal costs, etc.
  • Delegating the responsibility to a quality Billing Service saves Healthcare Providers time and money. Contact EZ Medical Claims Specialists today for more information or a FREE quote.

 

 

 

 

 

 


402-292-5432 | 402-292-5432 | ezmedclaim1@cox.net
18840 Jacobs Circle | Omaha | NE | 68135