HIPAA Articles and Resources

News and Important Information

A summary of the HIPAA law is included in Find-A-Code's specialty specific Reimbursement Guides as well as the ChiroCode DeskBook

A more thorough explanation can be found in the Complete & Easy HIPAA Compliance book which also includes editable and sample forms

Select the title to see a summary and a link to the full article. some articles require a subscription to view.

Aug 9th, 2022

How CMS Determines Which Telehealth Services are Risk Adjustable

by Aimee L. Wilcox, CPMA, CCS-P, CST, MA, MT

Medicare Advantage Organizations (MAOs) have gone back and forth on whether or not to use data collected from telehealth, virtual Care, and telephone (audio-only) encounters with Medicare beneficiaries for risk adjustment reporting, but the following published documents from CMS cleared that up once and for all by providing an answer to a question specifically related to this question.

Jul 20th, 2022

The 'Big 2' HIPAA Rules Medical Billing Companies Must Follow

by Find-A-Code™

HIPAA covers nearly every aspect of how medical and personal information is collected, utilized, shared, and stored within the healthcare industry. Title II of the rules is applied directly to medical billing companies and independent coders. The 'Big 2' rules that medical billing companies must adhere to revolve around privacy and security.

Jul 7th, 2022

New Audio-Only Telehealth Guidance to Meet HIPAA Rules

by U.S. Department of Health & Human Services

Covered entities (healthcare providers and health plans) can use remote communications, called telehealth, to provide services to patients as long as they follow certain guidelines. Because certain populations may have difficulty using audio-video telehealth, HHS is now issuing this guidance on audio-only telehealth. This guidance will help ensure that individuals can continue to benefit from audio-only telehealth by clarifying how covered entities can provide telehealth services and improve public confidence that covered entities are protecting the privacy and security of patients' health information.

Jun 21st, 2022

2022-06-16-MLNC - ICD-10-CM Diagnosis Codes: Fiscal Year 2023

by CMS - MLNConnects

News - Comprehensive Error Rate Testing Program Report: Sample Reduced for Reporting Year 2023 - Men’s Health: Talk to Your Patients About Preventive Services - Compliance - Implanted Spinal Neurostimulators: Document Medical Records - Claims, Pricers, & Codes - ICD-10-CM Diagnosis Codes: Fiscal...

Jun 14th, 2022

Using Health IT to Support Safer Use and Management of Controlled Substance Prescriptions

by Chelsea Richwine and Christian Johnson

New ONC data show that, as of 2021, nearly all non-federal acute care hospitals were enabled to electronically prescribe controlled substances (EPCS). According to the American Hospital Association (AHA) Information Technology (IT) Supplement Survey, the proportion of non-federal acute care hospitals enabled for EPCS increased from 67% in...

Apr 22nd, 2022

Substance Use Disorder Treatment Incentive Program Receives Go Ahead From the OIG

by Raquel Shumway

DynamiCare Health Inc. has developed a contingency management program for those dealing with substance use disorders. DynamiCare Health Inc. has developed a contingency management program for those dealing with substance use disorders. CM “addresses the brain’s reward response in ways that conventional counseling and medications often cannot.” Over a course of 50 years, it has shown that this program is effective. The OIG, upon analysis, has determined that there is low risk for fraud and abuse and has offered their opinion at the request of DynamiCare Health, Inc.

Mar 10th, 2022

Cybersecurity & Ransomware Warnings

by Wyn Staheli, Director of Content - innoviHealth

Although HIPAA Security protocols have been in effect for some time, as technology advances, if we are not diligent, gaps can be left available for intruders. On top of that, on February 23, 2022, the American Hospital Association issued a cybersecurity advisory. They stated, “there is concern that Russia may retaliate against the U.S. and allied nations with disruptive cyberattacks.”

Jan 11th, 2021

HIPAA Penalty Changes

by Wyn Staheli, Director of Content - innoviHealth

On January 5, 2021, H.R. 7898 was signed into law by President Trump. This new law modifies the HITECH Act such that when an organization experiences a breach, fines and/or penalties may be reduced if (for at least a year) they have instituted “recognized security practices” as defined within the law.

Jul 7th, 2020

New ABN Form is Here

by Wyn Staheli, Director of Content - innoviHealth

The anticipated changes to the Advanced Beneficiary Notice of Non-coverage (ABN) Form (CMS-R-131) have arrived. This important form is issued to the patient or client by providers, physicians, practitioners, and suppliers in situations where Medicare payment is expected to be denied. You can begin using the new ABN immediately if you so wish. However, it becomes mandatory on August 31, 2020.

Nov 12th, 2019

HIPAA Final Rule Eliminates HPID and OEID

by Wyn Staheli, Director of Content - innoviHealth

Final rule eliminates the requirement for health plans to obtain a unique health plan identifier (HPID) and also eliminates the voluntary use of the other entity identifier (OEID). This change becomes effective December 27, 2019.

Oct 11th, 2019

Why is HIPAA So Important?

by NAMAS

Why is HIPAA So Important? Some may think that what they do to protect patient information may be a bit extreme. Others in specialty medical fields and research understand its importance a little more. Most of that importance lies in the information being protected. Every patient has a unique set of ...

Jun 21st, 2019

Small Breaches Can Be Subject to Large Penalties

by NAMAS

Small Breaches Can Be Subject to Large Penalties We may have heard about the large fines issued by the Office for Civil Rights (OCR) against big organizations like Anthem or the University of Texas MD Anderson Cancer Center. These organizations have been in the news due to privacy breaches that constituted violations ...

May 6th, 2019

HIPAA Violation Penalties Revised

by Wyn Staheli, Director of Content - innoviHealth

On April 30, 2019 The Department of Health and Human Services (HHS) announced that “HHS will apply a different cumulative annual CMP limit for each of the four penalties tiers in the HITECH Act.” Unlike other notices which require a proposed rule with a comment period, this notice will take ...

Apr 15th, 2019

Watch out for People-Related ‘Gotchas’

by Wyn Staheli, Director of Content - innoviHealth

In Chapter 3 — Compliance of the ChiroCode DeskBook, we warn about the dangers of disgruntled people (pages 172-173). Even if we think that we are a wonderful healthcare provider and office, there are those individuals who can and will create problems. As frustrating as it may be, there are ...

Jan 22nd, 2019

Truncated ICD-10-CM Official Guidelines for Coding and Reporting

by Christine Woolstenhulme, QMC QCC CMCS CPC CMRS

Adherence to ICD-10-CM official guideline's are required under HIPAA and adopted for all healthcare settings. We have made it easy to access guidelines and made them available on the code information page, either on the page you are viewing or view more information by selecting the ICD-10-CM Chapter Section/Guidelines and ...

Dec 18th, 2018

Are HIPAA Changes Coming?

by Wyn Staheli, Director of Content - innoviHealth

On December 14, 2018, the Office for Civil Rights (OCR) issued a Request for Information (RFI). They are considering making changes to some of the HIPAA regulations. Earlier this year at the HIMSS (Healthcare Information and Management Systems Society) meeting, Roger Severino, the head of the Office for Civil Rights ...

Sep 24th, 2018

Q/A: Do I Have to Accept Any New Patient?

by Wyn Staheli, Director of Content - innoviHealth

Question: Is it legal for us to not allow a patient to be seen in our office if their parents have bad debt with us?

Aug 31st, 2018

Finalized Confidentiality of Alcohol and Drug Abuse Patient Records Regulations

by Wyn Staheli, Director of Content - innoviHealth

In January, the U.S. Department of Health and Human Services (HHS) issued updates to the privacy regulations regarding the confidentiality of patient information of substance use disorder patients (42 CFR Part 2). This notice included references to better alignment with HIPAA regulations, but did state that Part 2 is more protective ...

Aug 3rd, 2018

Q/A: Is it Legal to Shred Archived Patient Records After a Certain Amount of Time?

by Wyn Staheli, Director of Content - innoviHealth

Shredding patient records. When is it appropriate? Read more to find out.

Jun 18th, 2018

Medicare Claim Submission Exceptions

by Wyn Staheli, Director of Content - innoviHealth

There are several exceptions to the Medicare "Mandatory Claim Submission Rule." What are they?

May 7th, 2018

Q/A: How Do I Respond to a Patient's Request to Not Submit the Claim to Their Insurance?

by Wyn Staheli, Director of Content - innoviHealth

A number of patients now have high deductible plans. Sometimes, deductibles can be $5000 or $10,000. My payer contract states that I must submit all claims to insurance for covered services. However, sometimes patients with these high deductibles come to my office and state that they would prefer to receive a modest discount for paying cash and in turn, not have their services submitted to insurance. As a doctor, this places me in a tough situation. Do I follow the patient's wishes or the payer contract?

Apr 23rd, 2018

Q/A: Someone Broke into My Office. What do I do Now?

by Wyn Staheli, Director of Content - innoviHealth

My office was broken into last night. I use electronic health records, but we do store some protected health information for my patients in paper files. These files are not secured, so the burglars did have access to them. It did not appear that the files were touched as the burglars were looking for cash. What responsibilities to I have to my patients in a situation like this? Do I need to contact them and advise them that their PHI could have been compromised?

Feb 27th, 2018

Health Information Exchange and Trusted Exchange Frameworks

by Dugan Maddux, MD FACP

Despite progress in health IT, Health Information Exchange (HIE) remains squarely in toll booth mode, with gated stops and slowdowns that may or may not permit information to move forward. ...

Feb 5th, 2018

HIPAA Breach Settlements and Ransomware Attacks - Is Your Practice Secure?

by Wyn Staheli, Director of Content - innoviHealth

Two recent reports should make providers stop, take notice and make sure their practice's policies and procedures are up-to-date. The first one involves a HIPAA Breach settlement of a company with facilities in several states. The OCR memo stated "In addition to a $3.5 million monetary settlement, a corrective action plan ...

Jan 24th, 2018

HIPAA and the Opioid Crisis

by Wyn Staheli, Director of Content - innoviHealth

HIPAA and the Opioid Crisis guidance released by HHS.

Aug 16th, 2017

Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist

by NAMAS

August 4, 2017 Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology ...

Aug 4th, 2017

Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist

by NAMAS

Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act)[2] and the more robust chain of liability (e.g. covered entities, business associates and ...

Aug 1st, 2017

HIPAA Training Requirements

by Wyn Staheli, Director of Content - innoviHealth

HIPAA Training must be an ongoing effort in every healthcare organization.

Apr 14th, 2017

Compliance Rules

by Melissa Hall

Can we send a survey to our patients and still be compliant? Are there rules that regulate this?

Feb 27th, 2017

How to Properly Dispose Protected Health Information (PHI)

by InstaCode Institute

HIPAA requires covered entities to properly dispose of Protected Health Information (PHI) in the following manner: Paper, film, or other hard copy media has been shredded or destroyed such that the PHI cannot be read or otherwise cannot be reconstructed. Electronic media has been cleared, purged, or destroyed consistent with NIST Special Publication 800-88, Guidelines for Media ...

Jan 23rd, 2017

HIPAA Exempt Offices (Paper)

by Wyn Staheli, Director of Content - innoviHealth

It is a common misconception that every doctor’s office is (or must become) a HIPAA covered entity; however, the list of those who still qualify for exemption from HIPAA is rapidly shrinking. There are exceptions to the HIPAA requirements; if a practice sends or receives no transactions electronically, it is ...

Jan 13th, 2017

Q/A: Is my Software Vendor a Business Associate to my Practice?

by Brandy Brimhall, CPC CMCO CPCO CCCPC CPMA QCC

Q: Is my software vendor a business associate to my practice?

Nov 29th, 2016

Medical Billing and Coders Professional Liability

by Holly Leavitt

Companies who regularly handle such sensitive information as patient medical records have a particular responsibility to maintain the confidentiality of the data. Failure to exercise the appropriate degree of care – whether intentional or not – can have a significant adverse financial impact on your firm. The Federal Health Insurance Portability ...

Jun 7th, 2016

HIPAA Helps and FAQs

by Raquel Shumway

The Health Insurance Portability and Accountability Act (HIPAA) has been around for quite some time. There are many misconceptions about HIPAA compliance that our office still gets calls about. This page is to help clear up some of these misconceptions.

Apr 30th, 2016

Phase 2 of OCR HIPAA Audits Begins

by Wyn Staheli, Director of Content - innoviHealth

Phase 2 of HIPAA audits have begun. What do you need to know?

Apr 28th, 2016

An Important Rule that You're Probably Not Following

by ChiroCode™

The HIPAA Security Rule requires that covered entities (your practice) conduct a Security Risk Assessment (SRA) for your organization, at a minimum of once per year. It is critical that practices perform the Security Risk Assessment for multiple of reasons. Not only is it important to comply with rules and regulations, but also, for what you may consider to be a more motivational reason, to protect your practice (and bank account) from what could become disabling fines and penalties.

Apr 13th, 2016

HIPAA Proposed Rule to Update Substance Abuse Confidentiality Regulations

by Wyn Staheli, Director of Content - innoviHealth

On February, 9, 2016 HHS published proposed revisions (81 FR 6988) to the Confidentiality of Alcohol and Drug Abuse Patient Records regulations, 42 CFR Part 2. Find out what changes are being considered.

Apr 13th, 2016

Lack of Business Associate Agreement (BAA) Costs Non-Profit 1.55 Million

by Wyn Staheli, Director of Content - innoviHealth

Failure to have a properly executed Business Associate Agreements (BAA) costs one organization $1.55 Million. In today's highly technological environment, it is too easy to skip the necessary precautions and easy for electronic devices to get lost or stolen. Are you prepared?

Apr 6th, 2016

HIPAA Violations - The Process Is The Answer

by InstaCode Institute

It's not just the names and addresses that matter -- It's the compliance. If you can demonstrate that you are hleping yourself to maintain HIPAA compliance by careful documentation and proper procedures, you can go a long way toward avoiding being fined by the HIPAA squads. Complete & Easy HIPAA Compliance is a clear, simple “Just help me do what I have to do!” workbook that contains all the things the designated security officer must do to instantiate a robust HIPAA compliance program. It comes complete with over 45 forms and letters which can be used to state the office policies, spell out procedures, and ensure that each patient will be protected in their rights under HIPAA policy. It also can help demonstrate that a compliance program is in progress.

Mar 16th, 2016

Protected Health Information De-Identification Standards

by InstaCode Institute

This article contains detailed information on the OCR guidance regarding the de-identification of Protected Health Information (PHI). Avoid HIPAA violations and learn specifically what de-identification is.

Feb 24th, 2016

Employee Exclusions Screenings Must be High Priority

by Wyn Staheli, Director of Content - innoviHealth

Many healthcare organizations are not aware of how critically important it is to screen their employees against ALL state and federal exclusions databases. This article has important information for organization to ensure compliance.

Feb 11th, 2016

What are the Rules for Safeguarding Patient Records?

by ChiroCode™

Secure medical records is a broad topic that should be addressed in detail by all practices. There are multiple items to consider when meeting standards to best safeguard protected health information (PHI).

Mar 18th, 2015

HIPAA Audits Still on Hold

by Christine Woolstenhulme, QMC QCC CMCS CPC CMRS

At HIPAA Summit, OCR head Jocelyn Samuels also outlines forthcoming efforts with ONC, FDA. Phase II of the federal HIPAA audit program remains "under development," Jocelyn Samuels, director of the Health and Human Services Department's Office for Civil Rights, said Monday at the 23rd National HIPAA Summit in the District of Columbia. Read ...

Feb 9th, 2015

Encryption

by Wyn Staheli, Director of Content - innoviHealth

How secure is your computer? Do you have a password on your computer? Do you have the automatic log offs turned on? Is your computer encrypted? Are your off-site storage files encrypted? This document is designed to give some basic information about making your office a little more secure. It is not ...

Jan 20th, 2015

HIPAA Helps and FAQs

by Wyn Staheli, Director of Content - innoviHealth

Oct 24th, 2014

Q & A: Is it a HIPAA Violation to Email Patients?

by Evan M. Gwilliam, DC MBA CPC CCPC CPC-I QCC MCS-P CPMA CMHP AAPC Fellow

Straight from the Office of Civil Rights: Q: Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients? A: Yes. The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply ...

Oct 16th, 2014

Basic Fact Sheet on HIPPA Privacy and Security for Providers - CMS

by Christine Woolstenhulme, QMC QCC CMCS CPC CMRS

CMS has a released a fact sheet on HIPAA Privacy and Security basics for providers. Designed to provide education on covered entities and Business Associates under the HIPPA Privacy Rule. Examples of a Covered Entity would be: Doctors Clinics Psychologists Dentists Chiropractors Nursing Homes Pharmacies Health Plans Clearing houses Any person or organization assisting in transmitting a transaction in electronic form, ...

Oct 16th, 2014

Is Compliance a Dirty Word?

by Evan M. Gwilliam, DC MBA CPC CCPC CPC-I QCC MCS-P CPMA CMHP AAPC Fellow

In October of 2000 in the Federal Register the Office of the Inspector General (who investigates fraud against the federal government on behalf of the Department of Health and Human Services) offered general guidelines for health care facilities to set up a “Compliance Program”. This advice has long been pushed ...

Sep 11th, 2014

According to HIPAA, who are my Business Associates?

by Brandy Brimhall, CPC CMCO CPCO CCCPC CPMA QCC

Providers work with many different groups and many of them have some interaction with Protected Health Information (PHI). In an effort to help us understand who qualifies as Business Associates the Department of Health & Human Services has provided some resources. But first … what is PHI or individually identifiable health information? ...

Sep 9th, 2014

Cyber Insurance? What kind of Insurance Policy it that?

by Christine Woolstenhulme, QMC QCC CMCS CPC CMRS

Due to the increase of medical transactions stored online and in the cloud, cyber intrusions will only increase. Cyber insurance also known as privacy and network security insurance can help cover the costs incurred if your computer system is compromised, or after a data breach which can include a HIPAA ...

Sep 9th, 2014

Do I Need Error and Omissions (E&O) Insurance for My Billing Company?

by Christine Woolstenhulme, QMC QCC CMCS CPC CMRS

Do I Need Error and Omissions (E&O) Insurance for My Billing Company? Over the years Medical billing has been considered low risk, now it has developed into a huge liability with HIPAA, E&O and Business Associate Agreements to name a few. HIPAA has rocked the world for small businesses. Looking at the ...

Jul 16th, 2014

Windows XP and HIPAA Non-compliance

by Wyn Staheli, Director of Content - innoviHealth

For anyone who is not a computer techie, the announcement by Microsoft about discontinuing support for Windows XP may not mean much. However, from a HIPAA perspective, this is very important information because Section 164.308(a)(5)(ii)(B) of the HIPAA Security Rules includes an 'addressable' requirement of Protection from Malicious Software where ...

Feb 19th, 2014

Are Text Messages HIPAA Compliant?

by Jared Staheli, MPP

As more and more people are using mobile and wireless devices, a new buzzword has emerged: mHealth. According to a National Institute of Health consensus group, mHealth is "the use of mobile and wireless devices to improve health outcomes, healthcare services and health research." Historically, the biggest gaps and HIPAA violations ...

Sep 30th, 2013

Are You Compliant with the New HIPAA Regulations?

by Jared Staheli, MPP

September 23rd, 2013 was the deadline for HIPAA Omnibus Final Rule compliance. It seems to have just snuck up on everybody. ChiroCode has spoken with some clincis who say that they don't need to worry about it because ”they are just a small practice.” Please, do not wait any longer to ...

Subscribers will see related documentation, coding and billing tips. Access to this feature is available in the following products:

HCC Plus
Find-A-Code Professional
Find-A-Code Facility Base

Select the title to see a summary and a link to the full webinar information. some webinars require a subscription to view.

May 5th, 2022

Links and resources by topic.

Auditing

Billing

CMS1500

COVID-19

Claims Processing

Compliance

Documentation

EHR

Federal Register

Fees

HIPAA

Medicaid

Medicare

Practice Management

Security

Technology

TeleMedicine

HIPAA Books & Training

Laws & Regulations

suggest a resource

If you know of a resource that should be included here (links, data, etc.) please contact us.

Thank you for choosing Find-A-Code, please Sign In to remove ads.

MY NEWSLETTERS

FEES

FACILITY

RISK ADJUSTMENT

HIPAA Articles and Resources

News and Important Information

HIPAA Books & Training

Laws & Regulations

suggest a resource