HIPAA Implications for Medical Coding Specialist - Research Paper Example

? HIPAA Implications for Medical Coding Specialist HIPAA was enacted in 1996 as a provision to improve the affordability, quality and access of health services in the US. It is aims at protecting the patient’s privacy right while allowing the flow of information. The Act has identified various entities that should comply with the provisions. The Department for Health and Human Services is mandated to implement this act. This paper will elaborate how the adoption of this act has affected how medical coding specialists carry out their business. It will further elaborate the provisions in the Act for which the coding specialists are expected to follow. The adoption of the Health Insurance Portability and Accountability Act (HIPAA) in 1996 has brought various changes in the health sector. The Act was aimed at improving accessibility, affordability and quality of health services in the USA. It is made of several titles, which addresses various issues in the health sector. The Administrative Simplification provision, Title II, requires the Department of Health and Human Services (DHHS) to institute national rules that govern the transfer of electronic information in the health sector. It also necessitates that department to establish national identifiers for the health plans, providers and employers who participate in the health sector (Centers for Medicare and Medicaid Services 2012). Currently, the adoption of HIPPA rules has encouraged the use of electronic data interchange. The Act identifies various entities, so called covered entities, which are expected to comply with the provisions of the act. These include health plans, health care providers and clearing houses (CMMS 2012). These entities are expected to certify their compliance to the rules. Failure to certify and comply with HIPAA regulation will attract a preset penalty. This paper will seek to elaborate the implications of HIPAA to the medical coding specialist. The Administrative Simplification Provision is one of the most important titles in the Act. It deals with enhancing the patient’s rights, efficient electronic transmission of health information as well as promoting security and privacy of health information. This title aims at fighting fraud, abuse and waste of resources in the health care industry. The title requires the adoption of the following rules: privacy and security standards, transactions and codes as well as unique identifiers. Failure to comply with these standards will carry substantial penalties, which may include criminal and monetary penalties (Krager & Krager, 2008). The Act has identified various entities, which are expected to comply with these provisions. These are referred to as the covered entities. They include health care providers, health plans and health care clearing house (CMMS, 2012). The health care providers are those who transmit health care information related to specific transactions. They include doctors, pharmacies, dentists and nursing homes. Health plans are individuals or groups that pay the cost of the medical services. These include community health plans, health insurance companies and government programs that cater for medical costs, for example, Medicare. A health care clearing house processes non standard information received from other health care entities to standard formats. Information is transmitted electronically from the health providers to the health plans using various different formats. Previously, the health sector used more than 400 different formats in transmission of these data. HIPAA dictates that information should be transmitted using standard formats. These helps reduce the administrative costs used in handling the information. HIPAA introduced the Electronic Data Interchange (EDI) formats used for transmission of information between the covered entities. Under this act, code sets refers to codes used to identify various data elements. These include diseases, cause of injury, impairments, supplies, equipments or other items used in the delivery of health care services. The code sets are required for information elements used in financial and administration of medical information adopted under HIPAA for the diagnosis, drugs and procedures (Hartley, 2004). HIPAA has adopted various codes to be used with handling health information. These include ICD-9-CM used for diagnosis and procedures; CPT-4 used for physician procedures; CDT used for dental procedures; National Drugs Codes and other supporting codes identified by the Act (CMMS,2012). Medical coding specialists are involved in converting symptoms, diagnosis, drugs and procedures into codes. The introduction of HIPAA compliant code sets means that the medical coding specialists have to implement codes that are compliant with the Act. These specialists receive information from the health plans and health care providers and convert the information into specific codes. This means that this specialist must understand the enforcement and implementation of the HIPAA provisions and standards. In the Act, the Privacy Rule identifies national standards to protect the individual’s medical records as well as the Personal Health Information (PHI). This provision is implemented by the Office of Civil Rights (OCR). According to the Act, PHI is defined as the information that can be used to identify a health consumer. These include bio demographic data, past medical history, family and social history and the individual’s diagnosis. This Act aims at limiting the use and disclosure of PHI by the covered entities (Krager & Krager, 2008). According to HIPAA, information is only disclosed to the individual who is the subject of the information, government during their analysis and in other special circumstances stipulate by the act. Under the Privacy Rule, the covered entities should obtain authorization from the subject individual before disclosing any information termed as PHI. It must practice the “minimum necessary” principle of the Privacy Act (CMMS, 2012). This means that the covered entities should impose policies that limit the information transmitted regarding an individual. Application of this policy means that the information obtained by the coding specialist should comply with the privacy rule. HIPAA seeks to protect the client’s right by ensuring that the individual’s privacy rights are protected. The security standard seeks to establish national security provisions for safeguarding certain health information that is transmitted in electronic form. This regulation help in implementing the privacy rule by taking care of the non-technical and technical issues. The current growth in the health sector has seen the elimination of the manual handling of health information (Hartley, 2004). Security provisions seek to promote the Privacy rule while allowing for the adoption of new technologies in the health sector that improve the quality and efficiency of providing services. These regulations do not apply to information transmitted orally or in written form. The Security Provision has significantly influenced how the medical coding specialists carry out their business. The Act requires these firms to handle the patient’s information in a manner that ensures integrity, confidentiality and accessibility when needed (CMMS, 2012). According to HIPAA, integrity means that the information from the client is not altered. Confidentiality implies that these firms strictly comply with the Privacy rule. The coding firm must implement policies that limit the accessibility and use of PHI. The medical coding specialists have to carry out risk management and analysis projects. This involves identifying the most appropriate coding system for their covered entity client. Today various systems are used by the covered entities. These include Electronic Health Record (EHR), Computerized Physician Order Entry (CPOE) and other systems used in transmitting health information (Hartley, 2004). The risk analysis process involves evaluating the potential risk to the electronic PHI. It also encompasses evaluating appropriate measures that address these risks. The coding specialists are expected to document the measures used to address the potential risk. Following the adoption of HIPAA, the coding specialists are expected to maintain continuous security protection on the patient’s personal health information. The Act stipulates that the coding specialist companies should implement a security department. These are persons mandated to ensure the security of the patient’s personal health information. The entity must also implement access, audit and integrity controls as well as transmission security. These are technical measure, which include software and policies aimed at protecting the individual’s PHI. The coding company has to undertake these costs so as to ensure that they safeguard health information (Hartley, 2004). It is important for the covered entities to implement the national standards stipulated by the Act. The Office of Civil Right under the Department of Health and Human Services is responsible for enforcing and administering these standards (DHHS, 2012). It also has the mandate to carry out investigations and compliance reviews. The OCR expects the cooperation of the coding companies during the review. This means that the coding company is forced to surrender their information to the government for review. During these reviews, the OCR seeks to identify whether the coding company complies with the national standards identified by HIPAA (Rudman, 2009). Failure to cooperate may attract a substantial penalty. Furthermore, failure to comply with the Privacy and Security rule will subject the coding company to criminal persecution. Penalties or charges depend on the time frame and the circumstances surrounding the situation. The coding company may be summoned to explain the circumstance under which the breach of the privacy rule occurred. The Department of Justice is given the mandate to carry out criminal prosecutions in case the coding company fails to comply with the Act. In case of a criminal charge, the monetary fine may be as high as $250,000 accompanied with a jail term of up to 10 years depending with the circumstances of the breach(CMMS, 2012). The Act has created various programs to counter fraud and abuse in the health sector. This is also included in Title II. HIPAA defines fraud as intentional and willful attempt to defraud property or money from a health benefits program. On the other hand, abuse is unintentional activities that result in overpayment of health care services by the health care providers. Fraud and abuse may result from wrong representation of information using wrong Current Procedural Terminology codes, falsifying information in the medical records and billing for services not rendered. The government carries continuous reviews to ensure that covered entities do not commit fraud (Rudman, 2009). It is the duty of the coding specialists to implement programs that help eliminate fraud and abuse in the health sector(CMMS, 2012). This involves the use of training and education programs, data modeling and mining programs as well as the use of computer assisted coding systems. The government, on the other hand, should set up firms to enforce fraud and abuse monitoring programs. The computer based software is useful as it automatically creates a set of codes for validation, review and use based on the information generated by the health care providers. This will help reduce the cost incurred by the coding companies in coming up with effective and efficient codes for health information (Hartley, 2004). Furthermore, this software provides an audit trail that provides post payment records that can be used to detect fraudulent activities and coding errors overtime. In conclusion, HIPAA was set up in the US during a time when the health sector was undergoing various changes. The health sector was adopting the use of computers in handling and transmitting information. HIPAA is aimed at ensuring that the rights of the patients are not violated while preserving the quality of services delivered. It is the duty of all covered entities to implement and comply with the national standards stipulated by HIPAA. The Medical Coding Specialist supports health care providers and plans in coming up with codes that are HIPAA compliant. This means that the coding specialists also handle personal health information(DHHS, 2012). It is thus important for the medical coding specialist to comply with the national standards set up by the Act. Reference List Centers for Medicare and Medicaid Services. (2012). The HIPPA Law and Related Information. Retrieved from https://www.cms.gov/hipaageninfo/ Hartley, C. (2004). HIPAA plain and simple: A compliance guide. NJ: Prentice Hall. Krager, C., & Krager, D. (2008). HIPAA for health care professionals. NY: Delmar. Rudman, W. (2009). Health Care Fraud and Abuse. Perspective Health Information Management, 6 (1), 11-18. U.S. Department of Health and Human Services. (2012). Summary of the Privacy Rule. Retrieved fromhttp://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html Read More