SUBJECT: HIPAA Compliance
The hospital is relatively new and, thus, it requires several changes in order to meet the standards for Health Insurance Portability and Accountability Act (HIPAA) compliance. One of the improvements needed to meet that end is to change the existing insurance billing scheme from paper to electronic form. The hospital is already doing most of its transactions electronically, except in the insurance billing department. In light of these proposed changes, it is only fitting that the upgrade of the insurance billing mechanisms to electronic form should be well within the bounds of the Security Rule in Title II of HIPAA. Title II is also known as Preventing Health Care Fraud and Abuse; Medical Liability Reform; and Administrative Simplification.
To identify which of the hospital's existing mechanisms needed improvement in order to meet the HIPAA standards and rules, I noted that hospital transactions done electronically are more efficient and that HIPAA requires certain electronic transactions in hospitals to be safe and not prone to fraud. Since the only transactions in the hospital which are not done electronically are those in the insurance billing department, it is both beneficial and necessary that transactions in the insurance billing department be done electronically as well. Not only does this hasten the process of issuing insurance bills; more importantly, it guarantees fewer to no errors due to human miscalculation.
As far as the HIPAA standards are concerned, the existing electronic transactions and automated processes in the hospital should all be secure from invasion of the clients' privacy by intruders. Electronic records should be safeguarded and should only be accessed by concerned personnel. Moreover, data encrypted and stored in the computer system should only be accessed by computers that belong to the same network. Files should only be sent to and received by their intended recipients. All of these things should also be applied to the suggested electronic upgrade of the insurance billing transactions.
As insurance billing typically involves hospital staff filling out documents on behalf of the patients, and since these documents are then submitted to the corresponding insurance companies, improving the efficiency and accuracy rates of the hospital's insurance billing performance is needed in order to comply with the HIPAA standards. Instead of filling out a series of paper documents only to be sent via mail delivery to the insurance companies, our hospital can make use of electronic insurance billing forms that will be stored in our computer database. We will need to have at least one insurance billing form from each of the major insurance companies. Each time a patient requires insurance billing, the member of our hospital staff assigned to carry out the tasks under the insurance billing department can easily retrieve the forms from our database and fill them out with the information about the patient.
As the security engineer, I also strongly suggest that there should be a fixed number of staff members assigned to the insurance billing department. It is necessary that those who will be chosen to work under that department are familiar with the basic skills needed to handle computer operations. Proper computer training should likewise be given to the staff members under the insurance billing department in order to further familiarize them with the processes and methods involved in storing, sending and retrieving delicate private information from our patients.
Furthermore, HIPAA requires that there should be strict administrative, technical and physical safeguards in the handling of sensitive electronic information about our patients which is to be stored in our hospital's database. I highly suggest that each of the staff members should be assigned a specific function in the operations of the electronic insurance billing. One is to be designated the task of retrieving specific insurance information of certain patients. Another is to be designated the task of storing the information given by the patients in specific locations in the database, with the proper coding and with the proper security measures, so as not to corrupt the files or make them easily accessible to intruders and other unauthorized individuals.
While our hospital's efforts to make its processes more efficient and more effective through electronic automation are coming to fruition, we should not leave the insurance billing department behind in this transition. HIPAA might not consider the hospital to have met the requirements for HIPAA compliance simply because the hospital is unable to achieve a holistic automation of the services that we offer to our patients. I strongly suggest that we take these changes and implement them as soon as possible in order to give our hospital a better reputation than what it has today.
I will be more than glad to have an in-depth discussion of the proposals with you so that we can further identify what needs to be done and what should be retained in the existing set-up of our hospital.