HIPAA Compliance Software Requirements
HIPAA is the commonly used acronym that refers to the Health Insurance Portability and Accessibility Act, which became legislation in 1996. HIPAA is relevant to any type of healthcare provider that sends patient information to medical insurance companies electronically, and outlines exactly how that information should be stored, accessed and transmitted.
As of June 2012, HIPAA 5010 has become the law of the land regarding how electronic claims and claims-related information are to be transmitted. More specifically, the new rules govern a group of transactions (the transaction set), including claim submission, payment receipt, authorizations, claim status and eligibility.
With this in mind, HIPAA becomes a very important consideration for medical practices and facilities that are using, or may be planning to invest in, MPM and billing software. Unfortunately, a search for HIPAA compliance software won't deliver any results, as no such accreditation exists. It is the practice itself that needs to be compliant, so any software package needs to support the provider in achieving this, and enable them to make sure they are meeting HIPAA requirements.
In a nutshell, some important examples of the new changes include:
- Listing the provider as the billing provider, rather than a billing service or a clearinghouse.
- Requiring a street address for the billing provider's service address, rather than a post office box.
- Requiring a nine-digit zip code.
- Enhancing NPI reporting rules.
- Enhancing reporting of primary, secondary and tertiary payers for claims transactions.
- Clarifying encounter reporting.
- In most cases, making the subscriber the patient, regardless of who purchases the policy.
Choosing HIPAA compliant medical billing software
With the onus on the medical provider to make sure that any billing or practice management software they are using supports their HIPAA compliance, here are some of the features it would be a good idea to make sure are present in any solution being considered.
Detailed user logs - Being able to keep track of who's been using the software, exactly what they did and when they did it, is one of the more important requirements of HIPAA. Software that tracks users and keeps a detailed log of the information they've viewed and the specific changes they've made (as well as a record of the information prior to being altered) will help practices comply with this requirement.
Defined roles and access levels - One phrase that is commonly used in HIPAA guidelines is 'minimum necessary', referring to the requirement that those who have access to patient information only see the minimum amount of detail necessary to do their job. Practices should therefore consider MPM or billing packages that allow them to set very specific user roles and access levels that keep individuals' access to patient information at the minimum necessary levels. However, a balanced approach is required as it's also important that the software isn't so restrictive that it would compromise patient care.
Information security - In much the same way that most businesses look to make sure they have adequate security for their information systems, HIPAA requires systems that store patient information to have the necessary firewalls and security measures in place to prevent unauthorized access. While this might seem to restrict practices to using systems installed onsite, many of the 'cloud-based' solutions on offer are equally secure and can offer a more flexible option.
Secure communication - The transmission of patient details is one of the aspects of information management that HIPAA focuses on specifically, and any billing or management software should provide certain features to meet this requirement. It should be possible to encrypt e-mails if they contain sensitive patient information, or ideally provide some kind of messaging setup that allows individuals to share information without it ever having to leave the system.
Standardized information - HIPAA brought about a standardization of the specific codes and transaction information used in medical billing, and while it would be difficult to find any billing and management software that didn't use these, it is still something worth checking.
Archiving and disaster recovery - Practices need to be certain that any software they are using allows them to make sure patient records are reliably backed up and maintained. It's a requirement of HIPAA that patient information is always available to those who need to view it, which can include the patient themselves, so suitable archiving and disaster recovery features should be incorporated into any billing software system.
Ongoing compliance - The implications of HIPAA will continue to evolve, and additional legislation such as the HITECH Act can change or add to the requirements practices need to meet. Awareness of these developments is essential, and practices should look for a solutions provider that is actively keeping up to date with HIPAA changes and amendments, and adding the required updates to their software packages on an ongoing basis.
While being able to choose from a list of practice management and billing software that was HIPAA compliant would certainly make a practice manager's life easier, following these simple guidelines and working with a reputable solutions provider should ensure that your practice is managing its patient information in line with HIPAA requirements.