Medical records are voluminous and are getting accumulated by the hour. Today standardization issues have become important even to the individual physician / practitioner. Modern digital technology plays an important part in standardizing the medical information management. It was in the year 1996 that the Health Insurance Portability and Accountability Act (HIPAA) were signed into law. Today there are many organizations that are developing health-related standards. Which are these national bodies? Here is the list.

The ASTM Committee on Health Informatics E-31 creates standards for exchanging messages about clinical observations, medical logic electro physiologic signals, health care identifiers, and for the functionality of the system. The ASC X12 creates standards for exchanging insurance, eligibility, and managed care information and deals with all different aspects of insurance and insurance-related business processes.

While DICOM is for the exchange of digital biomedical images, HL 7 develops standards for exchanging data among clinical systems. IEEE develops standards for medical device information and a general informatics framework and NCPDP develops standards to create and promote data interchange and processing standards to the pharmacy services sector of the health care industry. SNOMED is a standardized coded system for representing clinical information developed and maintained by the College of American Pathologists. LOINC is developing standards that provide a set of universal names and ID codes for identifying laboratory and clinical test results.

The most important federal law ever created for protection against medical identity theft is HIPAA, which stands for Health Insurance Portability & Accountability Act of 1996. HIPAA is commonly misunderstood to be an act specifically about health privacy, but it actually covers other topics apart from it. HIPAA is well known for triggering the Department of Health and Human Services to write the Health Privacy Rule which took effect on the 13th of April, 2003. The Act also requires the health care industry to comply with medical information security standards. The Centers for Medicare and Medicaid Services or CMS was tasked to be responsible for the HIPAA Security Standards.

In HIPAA, the term patient is replaced by the word “individual” since not everyone who has medical record is necessarily a patient, although they could mean the same thing since everyone can become a patient eventually. HIPAA also introduced the term PHI which stands for Protected Health Information. PHI is basically all the health information about an individual, more commonly known as health record or medical record. The Health Privacy Rule applies to all records in any medium – written, digital, electronic, whether on paper, computer disc, tree bark or scrap. HIPAA Security Rule however, applies only to protected electronic information from covered entities such as hospitals, and insurance companies.

To be more specific, the following are considered HIPAA covered entities:

Health Care Clearinghouses – These are organizations or offices tasked to reformat or transmit the information, typically, medical results and billing details, from hospitals or clinics to insurance companies. They do not have direct connection to the patients or to the insurance companies. They are merely transmitter of information.

Health Plans – These are the policies and health packages acquired by individuals.

Health Care Providers – The physicians, nurses, surgeons, laboratory technicians, pharmacists, therapists, and the hospital itself are all considered health care providers. Simply put, anyone licensed to provide medical help is considered a health care provider. It is important to note however, if the health provider does not bill for the services offered, say, pro-bono clinics, then this entity is not covered by HIPAA. Same goes for clinics who accept only cash payments. Since they do not deal with health insurance companies, then they are not subject to HIPAA.

There are also Hybrid Entities, like that Pharmacy inside a supermarket. Since they transmit electronic records of medical purchases, but also offer other non-medical products, then they are considered mixed or hybrid type.

The sad part is, the list of exempted from HIPAA are longer than the covered entities. Among them are school health records, gyms, health websites, Medical Information Bureau, private employers, cosmetic medicine service providers, alternative medicine practitioners, occupational health clinics, fitness clubs, massage therapy clinics, nutrition counselors, disease advocacy groups, and non-prescription products marketers. And the list continues as more and more companies and providers are limiting the charging of services to cash and credit transactions than claims to insurance policies.

When it comes to the medical billing and coding at home profession in the medical industry, there are many requirements to the privacy and safety of a patient’s private information about their health care. Medical billing and medical coding specialists are the most scrutinized when it comes to these requirements. There is a lot more concern for a patient’s medical information being compromised when you have individuals who work at home on their computers. The medical industry has regulations in place in order to help keep the safety of all individuals.

Regulations and Rules

Medical billing/coding specialists have to learn and dedicate themselves to these regulations. All individuals who work at home must learn and understand the rules that surround compliance of the company that they are working for. HIPAA is the Health Insurance Portability and Accountability Act of 1996 and is put in to place in order to give all people federal protection of their health care information. It helps to make sure that only the people needed to see their medical information have access to it. If you are a work from home medical coder or biller, you have to understand that you could be in a lot of trouble if you do not adhere to the HIPAA rules.

The CMS which is The Centers for Medicaid and Medicare Services along with the OIG which is the Office of Inspector General are mandated by law to help with compliance of HIPAA laws. Having a medical billing and coding at home job or business, you will encounter people who will be on several different types of insurance plans including private insurance, Medicare, and Medicaid. You not only need to be very careful about the health services information that you are working with but also with the private information that is included with their insurance plans.

Work at home jobs in the medical billing and coding profession are not easy to come by so when you are lucky enough to have this type of job at home, you need to make sure that you do not take it for granted. You need to abide by the regulations concerning medical billing and coding at home. These are in place for a reason because you would not want your own medical information sitting on someones desk at home for any passerbys to see and possibly use in the wrong manner. There are consequences that you will face if precautionary measures are not taken to keep a person’s information private.

The Health Insurance Portability and Accountability Act (HIPAA) provides rights and protections for participants and beneficiaries of group health plans. The Privacy Rule, a federal law, grants health consumers rights over their information and promulgates rules and limitations on who can look at and receive personal health information. The Privacy Rule applies to all forms of individuals’ protected health information, whether electronic, written, or oral.

The Security Rule, a Federal law that protects electronic health information, requires HIPAA-covered entities to ensure that electronic protected health information is secure.

Additionally, HIPAA includes protections limiting exclusions for preexisting conditions; prohibits discrimination against employees and dependents based on health status; and allows an opportunity to enroll in a new plan to individuals in certain circumstances. HIPAA may also grant a right to purchase individual coverage if no group health plan coverage is available, and for those who may have exhausted COBRA or other continuation coverage.

The following are some of your rights under HIPAA:

• You have the right to receive a copy of your health records
• You can ask to see and receive a copy of your medical records and other related health information. In most cases, copies must be provided within 30 days of being requested, though there may be a fee associated with the cost of copying and mailing.
• You can ask to have corrections added to your health information
• You can ask that any misinformation in your file be corrected, or you may request to add information to an incomplete file. For example, if you and your hospital agree that your file has the wrong result for a test, the hospital must change it. Even if the hospital believes the test result is correct, you still have the right to note your disagreement in your file. In most cases the file should be changed within 60 days of the request to amend or change.
• You can receive a notice that tells you how your health information is used and shared
• You have the right to know how your health information is being used and shared. Your provider or insurer must give you a notice that tells you exactly how they may use and share your health information. In most cases, you should receive this notice on your first visit to a provider, or in the mail from your health insurer. Additionally, you may request a copy at any time.
• You can decide whether to give your permission before your information can be used or shared

Generally speaking, your health information cannot be given to your employer, used or shared for things like sales calls or advertising, or used or shared for many other purposes unless you grant express permission by signing an authorization form. This authorization form must tell you who will get your information and what the information will be used for.

Who can receive and view your health information?

• To ensure your health information is protected in a way that does not interfere with treatment, your information can be used and shared:
• For treatment and care coordination;
• To compensate doctors and hospitals for your health care and help run their businesses;
• With your family, relatives, friends, or others you identify who are involved with your health care or payment, unless you object;
• To ensure doctors give good care and nursing homes are clean and safe;
• To protect the public’s health, such as by reporting when there is a flu outbreak; and
• For mandatory reports to the police, such as reporting gunshot wounds.
• Your health information cannot be used or shared without your written permission unless this law allows it. For example, without your authorization, your provider generally cannot:
• Give your information to your employer;
• Use or share your information for marketing or advertising purposes; or
• Share private notes about your health care.
• You may request that your information not be shared
• You can ask your provider or health insurer not to share your health information with certain people, groups, or companies, such as with other doctors or nurses in a particular hospital or clinic. However, they do not have to agree to do what you ask.
• You have the right to file a complaint
• You may file a complaint with your provider or health insurer if you suspect your information was used or shared in a way that is disallowed under the privacy law, or if you feel you were unable to exercise your rights.

Who must follow this law?

Most doctors, nurses, pharmacies, hospitals, clinics, nursing homes, and other health care providers. Also required to follow this law are health insurance companies, HMOs, most employer group health plans, and certain government programs such as Medicare and Medicaid.

Who is not required to follow this law?

Life insurers;

Workers compensation carriers;

Most schools and school districts;

Many state agencies, for example child protective services;

Most law enforcement agencies; and

Many municipal offices.

When you make an original visit to a doctor’s office, hospital, or other health care provider, you should be given a copy of your HIPAA rights, which you will be asked to sign. Make sure you read the entire document, and request a copy for your own files.