HIPAA Compliance

Title II: Preventing Medical Healthcare Fraud and Abuse, Administrative Simplification, and Medical Liability Reform

Title II addresses many more concerns relevant to the medical billing and coding field, namely, security and privacy requirements for handling a patient’s medical records and methods to simplify the billing and processing of claims. In addition, it establishes guidelines for electronic recordkeeping and electronic transactions between parties in the healthcare system.

Title II also stipulates how healthcare providers and insurance companies should avoid fraudulent activity. The law puts the Officer of the Inspector General (OIG) of the Department of Health and Human Services (DHHS) in charge of investigating and if necessary prosecuting those who commit fraud. Your responsibilities as a medical billing specialist will be discussed in the next section of this lesson.

The Privacy Rule

Title II expands security and privacy measures within the healthcare system with the creation of the Privacy Rule and the Security Rule. The Privacy Rule addresses how insurance companies and providers can handle patient information by regulating how they disclose the information to each other and to other entities that may require medical data. Under the Privacy Rule, medical billing and coding specialists must be careful not to share a patient’s Protected Health Information (PHI) with parties that aren’t covered entities (providers, insurance companies, etc.) as stipulated by Title II. A patient’s PHI includes the following data:

• The patient’s medical record, including present and past medical conditions or illnesses and treatments received for them
• The location and type of healthcare provider wherein the patient received care
• Any and all fees paid by the patient or a patient’s insurance company to cover healthcare expenses rendered by a provider

The Security Rule

The Security Rule, on the other hand, establishes the rules for protecting a person’s information and also explains how those rules can be enforced if necessary. The security rule explains how covered entities must collaborate to protect patient medical information. Part of this collaboration involves the creation of computerized physician order entry (CPOE) systems and electronic healthcare records (EHRs) that medical billing and coding specialists use everyday to file and process claims. The Security Rule also requires that any technologies developed by covered entities to facilitate their administrative work must be secure and up to standards established by HIPAA.

Title II also creates unique identifiers for providers, employers, and patients in an attempt to optimize communication between entities in the healthcare system and universalize the billing process. This is done in accordance with the Electronic Data Interchange (EDI) Rule set forth in Title II. The unique identifiers created for the EDI are either individual numbers or code sets assigned to covered entities for the use of electronic transactions and should have equal value and meaning for any medical billing specialist. Some of the unique identifiers include the following sets:

• The National Standard Employer Identifier Number (EIN) for tracking employers
• The National Provider Identifier Number (NPI) for tracking providers such as private clinics, hospitals, and nursing facilities
• The National Health Plan Identifier Number (HPID) for tracking participating health insurance companies

For medical billing and coding purposes, the standards set forth under Title II are important because they optimize the claims process. The format and transaction of electronic claims in particular is simpler and more secure now than ever before thanks to Title II of HIPAA.