20 Mar Protecting Private Information in Medical Billing
The security and privacy of patient health information is a top priority for many people. Healthcare providers, government organizations, and medical facilities all follow certain federal laws and policies to protect private medical billing information. Whether your patients’ private information is stored on paper or electronically, the healthcare agency is ultimately responsible.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 implemented certain privacy, security, and breach notification rules. These are federal laws that protect patients’ health information. The Privacy Rule gives the patient certain rights with respect to his or her health information.
In addition, this rule sets limits on how the health information can be used or shared with other agencies and persons. The Security Rule sets guidelines for how the health information is to be stored, with many technical, administrative, and physical safeguards.
EHRs and Data Security
As healthcare organizations modernize their medical record keeping and billing processes and systems, the use of electronic health records (EHR) and other technologies offers opportunities for improved practice management and patient care. However, more electronically stored personal medical information means privacy breaches could occur. Protecting security and privacy of these data is critical to the integrity of EHRs.
A series of Office of Inspector General (OIG) audits recently revealed that some hospitals lack sufficient security features, which could mean patients’ protected health information is exposed. Vulnerabilities found included inadequate encryption, unsecured wireless access, authentication failures, and access control problems. This organization also found security breaches in data stored by Center for Medicare Services’ contractors.
More than 5,000 Medicare physician identifiers and around 300,000 Medicare beneficiary numbers have been compromised in past years. Protecting patients’ and providers’ information is critical due to fraud perpetrators who use this information to file false claims. Because of this, the federal government plans to spend $20 billion on Medicare and Medicaid EHR incentive programs. This will assure more security and protect against fraud.
The Patient’s Rights
Under the new federal regulations, patients have certain rights regarding medical records and medical billing information. These are:
- Right to be informed on how the doctor will use personal health information. Many doctors, insurance companies, and hospitals must give patients a Notice of Privacy Practices. This form tells the patient how his or her health information will be used.
- Right to set limits on who gets to see personal health information. The doctors, insurance companies, and healthcare agencies must ask for the patient’s written permission before any health information is released.
- Right to authorization. A patient’s written permission to release health information is called an “authorization.” This document states what information can be released, for what purpose the information is to be released, and to whom it goes.
- Right to ask the doctor or health plan to contact the patient in certain ways and at certain locations. The healthcare workers will ask the patient to specify how they wish to be contacted, and at what location they can call or ask for the patient.
- Right to be informed when personal health information is given out. The healthcare providers must inform the patient when his or her health information is transferred or sent to an agency. This is referred to as “accounting of disclosures.”
- Right to stop unwanted mail about new medical services or drugs. Healthcare providers must ask you to give consent before they give or sell your health information for marketing purposes.