Medical Billing Guidelines

What you need to know about medical billing guidelines. Get the facts on HIPAA and OIG guidelines. Is there such thing as HIPAA compliant medical billing software?

There are two terms you see in reference to medical billing guidelines: HIPAA and the OIG. HIPAA is federal legislation intended to protect a patient’s privacy and personal health information.

It also included among other things the establishment of the NPI (National Provider Identification) number. The OIG guidelines are established by Health and Human Services Office of Inspector General to combat Medical Billing Fraud.

HIPAA is the Health Insurance Portability and Accountability Act. Section II if the legislation is known as the Administrative Simplification. This section contains requirements regarding privacy, transaction code sets, and unique identifiers.

Failure to comply with HIPAA can result in financial fines up to $250,000 an imprisonment.

How does HIPAA effect Medical Billing?

A patient’s Protected Health Information (or PHI) includes anything that can identify a patient. This can be anything from patient names, addresses, social security numbers, or medical records.

This information must be kept secure such that only those healthcare providers, insurance carriers, or clearinghouse (or their authorized agents) have access to it. HIPAA requirements are intended to protect patient privacy. Any correspondence involving patient information such as phone calls, faxes, and emails must have appropriate privacy protection.

In a typical office, this would mean taking the following precautions:

  • Fax machines should be located in a location the public does not have access to and can be secured after hours. Fax cover sheets should have a confidentiality statement.
  • Computers should be password protected with screens oriented so they cannot be viewed by others.
  • Phone conversations where patient information may be discussed should be held where they cannot be easily overheard.
  • Emails containing patient information should be encrypted.
  • People having access to the office of a practice should be required to sign a confidentiality statement.

These practices apply not only to a provider’s office but also to a third party billing service.

Administrative Simplification also:

  • Set standards for transmittal of EDI information such as electronic claims and electronic remittance advice, as well as other administrative information.
  • Adopted the used of ICD-9 diagnosis and CPT-4 procedure codes as standards.
  • Assigned unique 10 digit identifiers to providers called a National Provider Identification (NPI) number.

Covered entities (such as a physician) that outsource services to a third party – such as a billing service – must ensure the vendor complies with HIPAA practices. This is typically done through contract clauses and Business Associate agreements. If you operate a medical billing business, you may be asked by the provider to sign a Business Associate agreement.

Click here form more information on HIPAA Laws.

Software and HIPAA Compliance

There’s not really such a thing as HIPAA compliant medical billing software. There are however security rules and standard electronic formats required by HIPAA for exchanging information.

HIPAA requires contingency plans in the event the software system is damaged or crashes. This includes the capability to back up data off-site and the ability to restore that data.

To comply with HIPAA, software used for medical billing should include safeguards such as user access logs and audit trails, password protection, and the ability to accommodate the 10 digit NPI numbers. This sounds simple but I found out this introduced a lot of expense and effort to accommodate.

Our AltaPoint billing software did not have the capability to include the NPI field in the electronic claim file. Consequently we had to upgrade our software at considerable expense. We also spent considerable time working with our clearinghouse to insure the claim files were in an acceptable format.

Most practice management billing software usually relies on the clearinghouse to insure data in non-HIPAA formats is converted to a HIPAA compatible format.

OIG Medical Billing Guidelines – Medical Billing Fraud Prevention

The OIG (Office of Inspector General) has established medical billing guidelines for individual and small group practices in the Federal Register (Vol. 65, No. 194). It’s a 19 page very densely worded document. It’s like reading the tax code!

The whole point of these guidelines is to prevent submitting erroneous or fraudulent claims for payment by federal health care programs.

With all the discussion lately on healthcare reform, it’s not uncommon to hear politicians rail on Medicare medical billing fraud.

The OIG also has medical billing guidelines for billing companies (Federal Register Vol. 63, No. 243). These guidelines are geared towards billers to combat fraudulent billing practices.

The OIG has established 7 elements for a compliance program:

  • Written polices and standards of conduct
  • Designating a compliance officer
  • Conducting training
  • Developing effective lines of communication
  • Enforcing standards using discipline
  • Internal monitoring and auditing
  • Prompt response to offenses and developing corrective action

OIG does state that these compliance guidelines are voluntary. So you probably see a formal compliance program except at larger facilities first that serve a lot of Medicare and Medicaid patients.

Even for a small billing company, it’s important to have a compliance plan documenting policies and procedures in place to prevent fraud. This doesn’t have to be anything elaborate, just a document that addresses the points above.

If you ever are investigated by any government agencies, having a compliance plan shows you are conscientious and trying to comply with the particular medical billing guidelines. This would most likely result in more lenient treatment by the investigating agency.

Return from Medical Billing Guidelines to Medical Billing Information