Is there a concern using home billing and protecting privacy? Is there any stipulation that the biller needs a separate and/or secure office?
Yes – when setting up a home office HIPAA requirements must be considered and accommodated. There may be different interpretations but here’s my understanding with respect to HIPAA privacy requirements:
When dealing with any patient records, the records must be secured when not used. And even when in use they cannot be viewed or accessed by unauthorized people. In most cases this would mean securing in an area – or office – that can be locked so no unauthorized people can view or access patient information. If this is a home office that would mean no visitors (or kids) should be able to access the area.
It also means computer access is password protected so any patient info on the screen in the practice management software can’t be viewed. And the computer access shouldn’t be where anyone else can view it – like in an open area with a lot of traffic.
Another example would be a fax machine. If any patient records are sent or received via fax, the fax should be an an area that can be locked/secured when not occupied.
It would also be a good idea to stipulate in any contract with a provider that patient records will be handled in accordance with HIPAA patient privacy requirements.
Hope this helps – again this is just my interpretation.