HIPAA Compliance and Home Billing

by gina flori
(boca raton, fl)

I have worked for a billing/software company for over 16 years, i can code better then most practitioners and i am very proficient with O&P and DME billing, i am intrested in starting my own billing/consulting company from home and i was under the impression that home billing was done away with when HIPAA came full force, my boss and i had put together a whole package for HIPAA for our clients and i could swear i saw something to the effect that you had to have atleast 10 employees and that the whole basis behind HIPPA was to eliminate the possibly of fraud therefore no more home billing. Can you please tell me does if differ with O&P and DME billing then with physician billing? And can i proceed forward with starting a company and not have to worry about having more then just myself as an employee to begin with? i know about all the other necessary compliances like business assoc contracts, encryption on the software etc. but im a little confused and cannot seem to find any info on the requirements necessary for home billing, i did read all your articles you provided and they were very informative thank you for your time and assistance in advance.

Response

Great question!

Of course you probably know HIPAA made many changes (and still is) that effect a billing service as well as practices. I believe HIPAA also established and strengthened programs to combat healthcare fraud and abuse - the Health Care Fraud and Abuse Control Program (HCFAC).

I understand the intent of HIPAA compliance is to protect the privacy of patients and their information - through the security standards. Not necessarily outlaw home based medical billing and coding services - but to set standards to protect and secure patient information. For a home based billing business this means having practices in place to insure patient information is only viewed by those with a need to know. It should be in an area - like an separate office - that can be secured when not attended. Also information systems - computers and servers - should be password protected and backed up in a remote locations on a regular basis. I think the same would apply to O&P and DME billing also.

Of course this is my understanding and I’ll be the first to admit this is just my interpretation and understanding of HIPAA. Regardless of HIPAA I want to do everything possible to protect my clients patient information and insure their information is secure. It would be really embarrassing - and a violation - if claim forms or EOB/ERA’s were found in the trash can of someone operating a billing service from home. You occasionally read about these kind of compromises of patient info and they make us all look bad.

So I really don’t interpret HIPAA to outlaw home based billing services - but a home based service must take the same precautions to protect and secure patient information that a practice does - and comply with the HIPAA privacy and security requirements.

Hope this answers your questions. If anyone has more insights or thoughts on this please post them using the "Comments" link below.

Thanks,

Gina