Medical Billers and Coders Logo

Top HIPAA violation and how to prevent them

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the United States Congress to :-

  • improve portability and continuity of health insurance coverage in the group and individual markets
  • to combat waste, fraud, and abuse in health insurance and health care delivery
  • to promote the use of medical savings accounts
  • to improve access to long-term care services and coverage
  • to simplify the administration of health insurance

Diverse and exhaustive, the HIPAA also regulates the protection of the Personal Health Information (PHI) of patients in different formats (medical records, payments history). These are accessible to various entities (health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers) who may disclose a patient's information to facilitate treatment, payment or medical care operations without the patients authorization. In some scenarios the PHI may be shared with law enforcement authorities too for pursuing any criminal incidents. Due to the various entities involved, violations happen due to insufficient HIPAA trainings.

Entities involved in medical coding and billing are few of the exceptions as they are extensively trained and certified in HIPAA and protection of PHI. U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy and Security Rule. All violations are filed with the OCR and they determine the non-compliance, penalties and corrective actions.

The top violations noted

  1. Using unencrypted, unsecured third party mailing services to communicate with the patients. Examples of third party email services include using Hotmail /gmail/yahoo to name a few.
  2. Failing to provide patients with copies of their medical records upon request.
  3. Failure to implement robust policies, standard operating procedures/formats and training for transmitting and safeguarding PHI.
  4. Incorrect disposal of any form of PHI.
  5. Using unsecure and unencrypted hardware systems to store PHI leading to information theft.
  6. Misplacing/losing hardcopies for patient's records.
  7. Using incorrect modifiers to store transmit PHI
  8. Making false allegations by sharing PHI with patient's employers indicating that the patients was a threat to public safety.
  9. Failure using correct modifiers for claims and reimbursements
  10. Sharing PHI with colleagues who are not directly involved in caring for the patient whether intentional or negligent.

How to prevent HIPAA violations

  1. Highly secure network systems with encrypted hardware systems for preventing unauthorized access to PHI.
  2. Ensuring all involved entities is well versed and trained in HIPAA through certifications or engaging services from expert medical coders and billers.
  3. Well defined revenue cycle management as it involves HIPAA transactions.
  4. Keeping up to date all standard procedures and policies related to protection, transmission, usage and disposal of PHI.
  5. Disclosure policies to be well defined to ensure interest of patient are well protected and exclusions in law enforcement scenarios well defined.

While HIPAA encompasses complex rules and appropriate penalty structures determining the fines for all kinds of violations with main intent for protection of PHI due diligence by all entities involved is a need of the time.

Published By - Medical Billers and Coders
Published Date - Feb-21-2017 Back

Looking for a Medical Billing Quote?

Are you looking for more than one billing quotes?



Looking for a Medical Billing Quote?

Are you looking for more than one billing quotes ?





Would You like to Increase Your Collections?