What is HIPAA?
HIPAA is an acronym for the Health Insurance Portability and Accountability Act, which President Clinton signed into law in 1996. While it serves many different purposes related to healthcare in the United States, its primary goal is to modernize the ever-increasing flow of healthcare information. It also aims to prevent fraud and identity theft, as well as limitations on healthcare coverage. Most people’s experience with HIPAA extends to the paperwork they fill out at the doctor’s office limiting who has access to their medical information.
HIPAA and Medical Billing
As we’ve stated, HIPAA’s major role is medical privacy, though it does govern many issues beyond that. In terms of medical billing, HIPAA establishes standards for electronic medical transactions which include:
- Diagnosis codes
- Treatment codes
- Transaction codes
- Specific billing formats
- Insurance claims formats
- Medical clinics
- Emergency rooms
- Insurance companies
HIPAA and Privacy
As far as privacy goes, HIPAA has requirements that medical providers and their offices must follow in order to safeguard health information, which has an indirect impact on billing. These requirements ensure that our private health information is protected and not used inappropriately, and they also establish how providers can legally use patients’ health information.
If a medical provider is in violation of HIPAA regulations, or a breach occurs that exposes personally identifiable medical information, there are serious consequences including fines and lawsuits. This aspect of HIPAA also impacts medical billing because of the transfer of sensitive, personally identifiable health and financial information to other parties.
Breaches and Non-Compliance
If an entity is not compliant with HIPAA regulations, the company will undoubtedly face fines and some type of punishment. What is worse than non-compliance, however, is a data breach. A data breach occurs when personally identifiable health information is accessed and/or used by an unauthorized person or through non-compliance. Data breaches are a very serious matter and result in long and costly lawsuits, as well as expensive forensic investigations, notification of all who are affected, remediation to those affected, and more.
HIPAA and Collection Agencies
HIPAA regulations affect collection agencies if they are dealing with medical debt. They must sign a HIPAA Business Associate Agreement to indicate they will comply with HIPAA regulations that involve protected health information. In order to collect a medical debt, collection agencies do not need detailed information about your health and medical history unless it is directly involved with the debt they are trying to collect.
Collection agencies are also responsible for making sure that any protected health information they do receive is secured from unauthorized access. The office or clinic that turns a medical debt over to a collection agency is responsible for making sure they only provide the minimum amount of information needed to collect the debt.
If you believe that the collection agency that is trying to collect your medical debt has too much of your personal health information, you will likely be able to use this as a negotiating point. Through the threat of a lawsuit for HIPAA violations, you can convince a collection agency to delete your bill after you have paid it, rather than just marking it a paid debt. Keep in mind that a paid collection will still count against your credit score, but a deleted bill will not.