Medical Billing Software and HIPAA Rules in Small Medical Office

HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996, the first comprehensive federal protective act ensuring the privacy of patient’s personal health information. As part of HIPAA, Congress required the development of privacy regulations to ensure the confidentiality of protected electronic health records. The challenge of complying with increasingly demanding government regulations such as HIPAA was to mandate that healthcare information become portable and available”by legislating the use of uniform electronic transactions and other administrative measures.

Today, finding HIPAA compliant medical billing software may be crucial but with high cost for small medical office. Large medical providers or medical billers that have already implemented strong security policies and practices, the HIPAA security rules will not impose extensive change. The most severely impacted structures will be small medical offices and billers that have weak security polices and practices, which as a result, must undergo an extensive and costly compliance effort.

The HIPAA rules are divided into four sections:

1. Administrative Safeguards
2. Physical Safeguards
3. Security Services
4. Security Mechanisms

This article deals specifically with the software security rules. However there is no such thing as “HIPAA compliant” software. The responsibility to be compliant rests with the medical practice. Keep in mind that the term “HIPAA Compliance” refers to a medical practice obligation and not to a software technical specification. An example of non-software rule is to placing workstations in secure locations (not in open or public areas), and orienting workstations to prevent viewing by nonauthorized personnel.

Two main areas affected by HIPAA are the medical billing software and the practice management software. The HIPAA Security rules mandate that if protected health information is stored or processed electronically, then the security rule applies to that covered entity.

The main software HIPAA compliant procedures are:

A. Any medical billing software package must provide comprehensive contingency plan. HIPAA requires all covered entities to maintain and routinely update a plan for responding to system crashes. The software must include robust functions for:

1. Data backup.
2. Data restore.

B. Hipaa requires all medical providers to take a comprehensive look at how data gets created, where stored, who can modify it and who can delete it. The software must include functions for:

1. Audit trails. Access to data fields tracked and recorded.
2. Log Files. Those files keep track of changes made to the patient data in the program, and those changes can be viewed and printed by opening the audit trail analysis screens
3. Log in reports.
4. Monitoring the security event log of Windows-based computers.

C. Procedures for determining and granting access. This is means secured access to patient’s data only to authorized personnel with:

1. Individual authentication – individual logins and passwords.
2. Role Based Access Control.
3. Auto-logoff feature. This feature will automatically log you out after the selected amount of time of inactivity. This prevents others from reading your screen if you have left your office with the application turned on.

It is very crucial to check all above on trial basis. Do not entrust suppliers that do not offer trial versions. In Biosoftworld we offer full trial versions of our medical billing software. After 30 days, the trial copy will simply expire. There is absolutely no obligation to purchase.