HIPAA Compliance: Make sure you know ALL the rules

February 26, 2024

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal law restricting access to individuals’ private medical information. That much, I’m sure, our readers already knew.

But you might be surprised at how much confusion remains about what constitutes “private medical information.” Based on discussions with others in our field, we’re not sure what most respondents would say if we polled providers and coders on whether the medical record number is a component of HIPAA. A new year provides a good opportunity for a quick review, since we deal with HIPAA-related issues daily.

So, what bits of data come to mind when you think of HIPAA? Patient names? Date of birth? Social Security numbers? All three of these require protection. However, 15 other pieces of information are also covered under HIPAA. Here’s the complete list from the U.S. Department of Health and Human Services:

  • Patient names
  • Geographical elements (such as a street address, city, county, or zip code)
  • Dates related to the health or identity of individuals (including birthdates, date of admission, date of discharge, date of death, or exact age of a patient older than 89)
  • Telephone numbers
  • Fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health insurance beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers
  • Device attributes or serial numbers
  • Digital identifiers, such as website URLs
  • IP addresses
  • Biometric elements, including finger, retinal, and voiceprints
  • Full-face photographic images
  • Other identifying numbers or codes1

1https://www.dhcs.ca.gov/dataandstats/data/Pages/ListofHIPAAIdentifiers.aspx

All of the above are private information and should be treated with care. If you are sending out confidential information, remember that it always should be encrypted. Discussion of patients and patients’ information is also a HIPAA violation if it occurs in public areas, so be careful of your surroundings. Remember not to discuss a patient’s care or treatment in hallways, elevators, or other places where it might be overheard. And if you’re not sure whether certain information is protected under HIPAA, follow this one general rule: Err on the side of caution.

Don’t miss our “Ask the Experts” Q&A webinar on March 27!

Click here to register: https://zoom.us/webinar/register/WN_DR96lTB4QVWgI5b2wxmKuw
If you have an E/M coding question you’d like our experts to address during the webinar, please submit it here: https://survey.hsforms.com/1AI9VoMe-SK6MSUuAypFnmgnig0s

 

Got a question about E/M coding? We’d love to hear from you.

Submit your questions by emailing us at coders@calmwatersai.com

 

Download PDF

Michelle Sergei-Casiano
Michelle Sergei-Casiano
Michelle Sergei-Casiano
CPC, CFPC, CEMC, CPMA Senior Manager, Regulatory and Coding Compliance coders@calmwatersai.com

 

More Coffee & Coding

The Problem with Independent Historians

The Problem with Independent Historians April 8, 2024 In most cases, we know who independent historians are: mothers, fathers, guardians, grandparents, or adult children. But we still see many instances when the term is incorrectly applied in the documentation—mostly,...

Making Complexity of Problems a Little Less Complex

Making Complexity of Problems a Little Less Complex April 1, 2024 We see a lot of questions (and confusion) over what constitutes an “acute illness with systemic symptoms.” In fact, according to the American Academy of Pediatrics, “Of the three elements that make up...

Making the Right Choice Between Level 3 and Level 4: Part Two

Making the Right Choice Between Level 3 and Level 4: Part Two March 25, 2024 In last week’s Coffee & Coding, we provided a refresher on key points to remember about coding appropriately for Level 3. This week let’s do the same for Level 4. Level 4 can be a little...

Level 3 or Level 4: Getting It Right

Level 3 or Level 4: Getting It Right March 18, 2024 Guidelines notwithstanding, deciding whether to apply Level 3 or Level 4 to a patient encounter isn’t always easy. In fact, we see a lot of inconsistency and confusion on this point. While many clinicians accurately...

Ending Confusion over Modifier 25

Ending Confusion over Modifier 25 March 11, 2024 It’s a big week here in Boston (my hometown). Sunday, of course, is St. Patrick’s Day. Here in Boston, we also remember March 17 as Evacuation Day—marking the anniversary of the British army leaving the city in 1776....

MDM Level 5: A Quick Refresher on a Complex Subject

MDM Level 5: A Quick Refresher on a Complex Subject March 4, 2024 We continue to see that, across all medical specialties, physicians are still nervous about billing for Level 5 office visits. I consistently find that many (if not most) providers code for Level 4 even...

Making sense of the new coding-by-time rules for 2024

Making sense of the new coding-by-time rules for 2024 February 19, 2024 We all know that the new year brings changes (some years, more than others). As it turns out, no sooner had we gotten clinicians on track with how much time belongs to the E/M CPT code set than...

How do you code a broken heart?

How do you code a broken heart? Plus: We answer your questions about toxicity monitoring. February 12, 2024 First things first: While remembering to apply the proper codes and include sufficient documentation, providers and coders must not lose sight of one essential...

Documentation Tips and Tricks: How to Avoid Common Mistakes

Documentation Tips and Tricks: How to Avoid Common Mistakes February 5, 2024 Every day we see coding mistakes that affect the accuracy of E/M coding levels. Some of them can be costly. So, in this issue of Coffee & Coding, we’ll look more closely at some of these...

Toxic diagnosis coding: What you may be missing

Toxic diagnosis coding: What you may be missing January 29, 2024 Three quick questions: When did you last look in that little section towards the back of your ICD-10 coding book called the Drug Table? How often have you coded an adverse reaction to a bug bite as...

Why and how to use the new SDOH codes

Why and how to use the new SDOH codes January 22, 2024 Social Determinants of Health (SDOH) have become increasingly important in determining the needs of patients and directing them to the help they need. For 2024, we have both a new diagnosis code as well as a new...

The long-awaited G2211 code: What you need to know

The long-awaited G2211 code: What you need to know January 15, 2024 There’s an important new code for 2024, and it pays (literally*) for you to know how and when to use it. Up to this point, E/M coding has failed to take into account the resources, time, and cost...

What’s changed in telehealth services?

What’s changed in telehealth services? January 8, 2024 The other day, another coder asked me whether post-operative services could be performed under telehealth. It occurred to me that there are probably more coders with the same questions. So, we’re devoting this...

Don’t Toss Those Old Code Books Just Yet

Don’t Toss Those Old Code Books Just Yet January 2, 2024 Welcome to 2024! After all the preparations, training, and education, are you ready to implement what we learned over the past four months about coding changes? Here are a couple of the most critical secrets to...

Common Coding and Documentation Problems You Can Avoid

Common Coding and Documentation Problems You Can Avoid December 26, 2023 In the spirit of the season, we’re offering you a holiday treat this week. Nearly 100 people signed up for our recent Zoom webinar: “Cracking the Code: Addressing Common Problem Areas in Medical...

Subscribe to Our Weekly Coffee & Coding Newsletter