Understanding HIPAA Security Standards
By Richard J. Mata; MD, MS
One concept that HIPAA stresses is the “minimum necessary” rule, which limits the use of personal health information (PHI) that can identify a person, such as a Social Security number, home address, or phone number. Only the essential elements are to be used when transferring information from the patient record to anyone else who needs it. This is especially important when financial information is being handled: only the minimum codes necessary to determine the cost should be provided to the financial department, and no other information should be accessible to that department. Many institutions have systems in which a registration or accounting clerk can pull up as much information as a doctor or nurse, but this is now against HIPAA policy and subject to penalties. The “minimum necessary” rule is also changing the way software is set up and vendor access is provided.
Chain of Custody
Another challenging task is keeping up with the number of people who access PHI, because the privacy regulations allow a patient to receive an accounting of anyone who has accessed their information, both internally (within your hospital, Emerging Health Organization, or medical practice) and externally (such as through your business associates). The patient has the right to know who in the lengthy data chain has seen their PHI. This sets up an audit challenge for the medical organization, especially if the accounting is implemented in-house. If business associates use this PHI without documenting access to a specific patient’s PHI, no one can be held accountable for a breach of privacy.
Enter the Designated Record Set
One way to track access is through a designated record set, which contains medical or mixed billing records, and any other information that a physician and/or medical practice utilizes for making decisions about a patient. It is up to the hospital, EHO, medical practice, or healthcare organization to define which set of information comprises “protected health information” and which does not, though logically this should not differ from locale to locale.
Assessment
Overlaps from the privacy regulations that are also addressed in the security regulations are access controls, audit trails, policies on e-mail and fax transmissions, contingency planning, configuration management, entity and personal authentication, and network controls. For more information about the Security Standards final rule, reference the Federal Register.
Conclusion
In the age of Twitter, IMing, blogging and texting, some young doctors are forgetting the basic fundamentals of patient privacy. And so, your thoughts and comments on this ME-P are appreciated.
The whole process of medical billing and coding starts well before the patient actually turns up at the medical center and finishes long after the patient has been diagnosed and prescribed medicines. This is to avoid any delay, inaccuracy or miscommunication when filing an insurance claim.
Hence it is important to verify and rectify the insurance benefits well before the patient arrives at the clinic. After the doctor has seen the patient, his observations are recorded in the medical record, which is converted into the appropriate codes for coding the insurance claim.
Richard Peach