HIPAA Rules for Billing Services

Privacy Rules

• The privacy section of the HIPAA is what regulates the use and disclosure of protected health information. This information includes anything that concerns provision of health care, payment for health care, or health status that can be linked to a single individual. In addition, the privacy rules can be interpreted broadly and also includes any part of a person's payment history or medical record.

Security Rules

• Security rules are equally important and complement privacy rules. The electronic version of the privacy rules, the security rules essentially deal with the electronic protected health information and has three different types of safeguards which are required in order for a business to properly follow HIPAA.

Administrative Safeguards

• Access to the EPHI, or electronic protected health information, is restricted to those who need the information to complete their jobs. The information is only allowed to be handled by those employees who have undergone training to show that they know how to handle PHI, or protected health information. PHI is generally the paper format of the EPHI.

Physical Safeguards

• This safeguard requires that access to health care information is carefully controlled and monitored. Access to any equipment is limited to those individuals who are completely and properly authorized. In addition to this, the workstations are not allowed to be anywhere near the public eye and the screens must always be placed away from those who do not have the proper authorization to view the information.

Technical Safeguards

• Essentially, this safeguard is what puts the encryption in place and ensures that the information is safe and secure when being transferred from one hospital, doctor's office, or computer to the next. In addition to this, those who handle the technical safeguards are responsible for keeping any eye out for any tampering or erasing of data.