Spotlight on HIPAA Compliance in Healthcare Transactions

Last updated Jul 1, 2023 | Published on Mar 31, 2015

The Healthcare Information Portability and Accountability Act (HIPAA) has been instituted to ensure the safety and confidentiality of electronic health data. If you are a physician, your practice should have stringent measures in place to safeguard medical data, including HIPAA-compliant medical billing and coding practices. If you outsource these tasks, your service provider should have administrative, physical, and technical safeguards to ensure the security of the data you entrust them with.

Compliance with HIPAA extends to all healthcare entities, including insurance companies. The recent Anthem breach is an instance of how the personal information of millions of insured individuals was compromised, and whether this constitutes a violation of HIPAA is being debated.

The Anthem breach

While reliable medical outsourcing companies can provide secure HIPAA-compliant solutions for physicians, insurance companies are at significant risk of data hacking. Currently, the healthcare industry is in a precarious situation with the news that Anthem’s confidential patient and employee health information has been hacked.

The extent of the breach could potentially be large: while the incursion was only detected at the end of January 2015, there are still many unanswered questions as to when the hacking began and how much data has been lost. Up to 80 million records have already been found breached. Many believe it could well be the largest hacking of data ever reported by an organization in the healthcare industry.

According to the health insurer, the breach involved details such as names, social security numbers, birthdays, addresses, income data and other employment information, and email IDs. However, reports indicate that no theft of medical information, credit card details or other financial information has been detected yet. Anthem called the attack a “sophisticated” one with the aim of gaining unauthorized access to the company’s IT systems. The consumers whose information was hacked included not only current consumers but also previous ones.

Identity theft in the healthcare industry is serious as it cannot be detected immediately, unlike similar issues in the financial sector. Patients or providers could come to know of the breach only after years, by which time, the data could have been misused. Anthem said it would inform each of the affected persons individually, but that they would have to face the effects of the theft all through their lives.

To help victims be on guard, Anthem said it would provide them with free credit monitoring as well as identity protection. These will send alerts to customers in instances of suspicious activity on their reports and also when anyone else uses their identity.

What can consumers do?

Experts believe that the victims should not wait for Anthem’s measures but rather take steps themselves by signing up for fraud alerts. This would help them stay on guard until Anthem’s credit monitoring service is set up. A fraud alert can prevent, or check for, anyone masquerading as the victim and taking out a loan. Lenders would take extra measures to verify the identity of the individual.

What should healthcare providers do?

The Anthem experience throws up some important lessons. The following measures could help healthcare entities guard against a cyber attack:

  • Conduct Risk Assessment. Healthcare providers should perform a security audit on a regular basis as this is a requirement under HIPAA
  • All information that is stored or transmitted should be encrypted. One report says that Anthem had not encrypted stored personal data
  • Install a firewall in the form of hardware and/or a software configuration that would block all traffic and allow only valid and necessary connections
  • Frequently change passwords for all computer systems and make sure that the passwords are strong
  • Train staff on HIPAA-compliant policies

Importance of Choosing a HIPAA Compliant Outsourcing Partner

All healthcare organizations that keep or transmit electronic health information must ensure HIPAA compliance. Non-compliance can result in severe civil and criminal penalties. That’s why it’s critical that physician practices looking to outsource their medical billing and coding tasks choose a HIPAA-compliant service provider.

Experienced medical billing companies have stringent measures in place to ensure that all personal health information (PHI) they receive remains secure and confidential. Their teams of medical coders and billing specialists are well trained in HIPAA requirements to help physicians maintain compliance with the latest federal regulations.
