HIPAA Malpractice and What You Need to Know

HIPAA compliance is the most important consideration for medical billing specialists. Billers work with personal, confidential and sensitive patient information and they’re tasked with protecting that data. In this informative article, Nitin Chhoda shares the 18-point HIPAA protected list and how it affects billers and practices.


The privacy laws encompass the way patient records are stored, disclosed and transmitted according to electronic data interchange (EDI) standards.

To accomplish this, integrated electronic medical record (EMR) software is essential. It contains a myriad of security safeguards, along with the ability to identify potential problems with reimbursement claims.

Practices, billers, clearinghouses and healthcare insurance providers that fail to take appropriate precautions when transmitting claims and working with the information can find themselves facing fines and criminal penalties.

An EMR has the ability to identify security breaches and notify those within the software’s network.

Malpractice Insurance

Disclosing personally identifiable information to any unpermitted outside entity can result in malpractice or negligence litigation. What many in the healthcare industry aren’t aware of is that many standard liability and malpractice insurance policies don’t provide coverage for HIPAA violations. The policies may offer coverage for some risk factors, but few insurers are offering policies that reflect changes in HIPAA privacy laws.

Some Exceptions

There are exceptions to every rule, and HIPAA standards indicate that some information can be disclosed if it's scrubbed of personal data (de-identified). One exception is in the pursuit of medical research. Patients who may want to participate in such studies must provide written authorization.

Clients must be provided with a complete, written explanation of the parameters, along with the knowledge that they can revoke their authorization and how to do so. Data may also be disclosed for public health reasons once all of the 18 elements have been removed.

HIPAA’s Top 18

HIPAA has a list of 18 identifiers within patient records that must be safeguarded. The following is a list of the 18 elements within client records that are covered under the HIPAA privacy rule:

  1. Names
  2. Addresses and geographic locations
  3. Age and/or date of death
  4. Dates of treatments, hospitalizations and admissions
  5. Social Security number
  6. Phone or cell phone numbers
  7. Fax numbers
  8. Email addresses
  9. Medical record numbers
  10. Beneficiary and account numbers
  11. Driver license numbers
  12. Vehicle and serial numbers
  13. Device identifiers
  14. Website URLs
  15. IP addresses
  16. Biometric identifiers including fingerprints or voiceprints
  17. Photographic and comparable images
  18. Other personally identifiable information unless permitted through re-identification.

An EMR is a digital link to every facet of a client’s healthcare history. It can be accessed by multiple healthcare practice management providers and offers a superior level of security to safeguard the storage and transmittal of patient records.

It’s essential that any individual or facility that handles client records obtain training and have an in-depth understanding of HIPAA regulations to avoid malpractice lawsuits.

HIPAA: What Is It, Really?

The Health Insurance Portability and Accountability Act (HIPAA) was designed to protect the staff and patients alike. The guidelines and intentions for the creation of this act are explained in this article, along with their implications for your practice.

HIPAA, or the Health Insurance Portability and Accountability Act, has been around since it was enacted in 1996. All healthcare practice management must be familiar with and compliant with this law.

Like most legislation, HIPAA is complex and can be difficult to understand. However, the basic ideas behind HIPAA are very interesting and can be explained relatively simply once you parse out the legal language. HIPAA is divided into two Titles.

Title I: Health Care Access, Portability, and Renewability

The legal ramifications of Title I of HIPAA favor individual staff members and attempt to protect people from insurance company policies that are unethical or dangerous.

For example, if you start working at a new job and are switching from your old group plan to a new group plan through your new employer, HIPAA prohibits your new health insurance company from denying you coverage of a pre-existing condition.

Many health insurance companies will do anything to avoid paying for healthcare for their clients. If a potential new client has a pre-existing condition that will cost the insurance company money, they can refuse to pay for benefits relating to the condition for 12 months after the client has enrolled in the plan.

However, if you had health insurance that was providing you with care before the transfer, you can reduce those 12 months because of HIPAA.

Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform

Title II is the part of HIPAA compliance that most people are familiar with. Title II pertains to privacy and security of health information, including medical records and health records. The five rules set forth in HIPAA Title II cover everything from the physical security of hard copies of medical records to the safe transmission of electronic health records.

Title II also protects the privacy of patient information by regulating how insurance companies, employer sponsored health plans, and healthcare providers can and cannot share your private information.

Title II is broken into five rules.

The Privacy Rule protects you from businesses that might want to sell your medical information to other interested parties, e.g., an insurance company selling private patient medical records to a pharmaceutical company that may then be able to target you with advertisements of their products.


The Transactions and Code Sets Rule attempts to standardize health care transactions. To accomplish this, a number of forms were developed to simplify the process of transferring health records and filing claims.

Some problems have arisen due to the complexity of the process and implementation has not been smooth. As a result, an update has changed some of the original procedures.

The Final Rule on Security Standards details how specific safeguards must be put into place to protect patient information. HIPAA’s Privacy Rule says that information must be protected, and the Security Rule talks about how it is protected.

The Unique Identifier Rule made all health care providers adopt a unique ID number. And the fifth rule, the Enforcement Rule, is meant to deter those violating HIPAA by putting financial penalties in place.