HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996, the first comprehensive federal protective law guaranteeing the privacy of patients’ personal health information. As part of HIPAA, Congress required the development of privacy regulations to ensure the confidentiality of protected electronic health records. Complying with increasingly stringent government regulations such as HIPAA means making health care information portable and available, using the uniform electronic transactions the law mandates, and adopting other administrative measures.

Today, finding HIPAA compliant medical billing software can be crucial, but it comes at a high cost for the small medical office. For large medical providers or medical billers that already have strong security policies and practices in place, the HIPAA security rules will not force major changes. The most severely affected will be small medical practices and billers with weak security policies and practices, which must therefore undergo an extensive and costly compliance effort.

The HIPAA rules are divided into four sections:

  1. Administrative Safeguards
  2. Physical Safeguards
  3. Security Services
  4. Security Mechanisms

This article deals specifically with software security rules. However, there is no such thing as “HIPAA compliant” software. The responsibility to comply remains with the medical practice. Please note that the term “HIPAA Compliance” refers to a medical practice obligation and not to a software technical specification. An example of a non-software rule is placing workstations in secure locations (not in open or public areas) and orienting workstations to prevent unauthorized personnel from viewing them.

Two main areas affected by HIPAA are medical billing software and practice management software. The HIPAA security standard requires that if protected health information is stored or processed electronically, then the security standard applies to that covered entity.

The main HIPAA compliant software procedures are:

A. Any medical billing software package should provide a comprehensive contingency plan. HIPAA requires all covered entities to maintain and regularly update a plan to respond to system failures. The software must include robust functions for:

  1. Backups.
  2. Data restoration.

B. HIPAA requires all medical providers to take a thorough look at how data is created, where it is stored, who can change it, and who can delete it. The software must include functions for:

  1. Audit trails. Access to data fields is tracked and recorded.
  2. Log files. These files keep track of changes made to patient data in the program, and those changes can be viewed and printed by opening the audit trail analysis screens.
  3. Sign-in reports.
  4. Security event log monitoring of Windows-based computers.

C. Procedures for determining and granting access. This means restricting access to patient data to authorized personnel, through:

  1. Individual authentication: individual logins and passwords.
  2. Role-based access control.
  3. Automatic logout function. This feature automatically logs the user out after a selected period of idle time. This prevents others from reading your screen if you have left your office with the application still open.
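To show how the controls in sections B and C fit together in a program, here is an added example (written for this page; it is not Biosoftworld code or any vendor's product) of a small patient-record access layer: role-based access control, an audit trail that records every read, change and denied attempt, and an idle timeout that acts as the automatic logout. The roles, the 15-minute timeout, the user names and the sample patient record are all constructed for illustration; the audit entries are hash-chained so that a later edit to the trail can be detected.

```python
"""Added example: RBAC + audit trail + idle-timeout logout for patient records.
Roles, timeout, users and the sample record are constructed, not from any product."""
from __future__ import annotations

import hashlib
import json
import time
from dataclasses import dataclass, field
from typing import Any, Callable, Optional

# Constructed role -> permitted actions mapping (a real practice defines its own).
ROLE_PERMISSIONS: dict[str, set[str]] = {
    "physician": {"read", "update"},
    "biller": {"read"},
    "admin": {"read", "update", "delete"},
}
IDLE_TIMEOUT_SECONDS = 15 * 60  # constructed value; set per practice policy


@dataclass
class Session:
    user: str
    role: str
    last_activity: float  # epoch seconds of the last authorized action


@dataclass
class AuditTrail:
    """Append-only log; each entry hashes itself plus the previous hash, so verify()
    detects any entry that was altered or removed after the fact."""
    entries: list[dict[str, Any]] = field(default_factory=list)
    _prev_hash: str = "0" * 64

    @staticmethod
    def _digest(body: dict[str, Any]) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, ts: float, user: str, role: str, action: str, record_id: str,
               field_name: Optional[str], outcome: str,
               old: Optional[str] = None, new: Optional[str] = None) -> None:
        body = {"ts": ts, "user": user, "role": role, "action": action,
                "record_id": record_id, "field": field_name, "outcome": outcome,
                "old": old, "new": new, "prev_hash": self._prev_hash}
        entry = dict(body, hash=self._digest(body))
        self._prev_hash = entry["hash"]
        self.entries.append(entry)

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev_hash"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


class PatientStore:
    """In-memory patient records guarded by RBAC, idle timeout and the audit trail."""

    def __init__(self, audit: AuditTrail, records: dict[str, dict[str, str]],
                 now: Callable[[], float] = time.time) -> None:
        self._records = records
        self.audit = audit
        self._now = now  # injectable clock so the idle timeout can be exercised

    def _authorize(self, s: Session, action: str, rid: str, fld: Optional[str]) -> float:
        now = self._now()
        if now - s.last_activity > IDLE_TIMEOUT_SECONDS:
            # Automatic logout: the session is not refreshed and the attempt is logged.
            self.audit.record(now, s.user, s.role, action, rid, fld, "denied:idle_timeout")
            raise PermissionError("session expired after idle timeout; log in again")
        if action not in ROLE_PERMISSIONS.get(s.role, set()):
            self.audit.record(now, s.user, s.role, action, rid, fld, "denied:role")
            raise PermissionError(f"role {s.role!r} may not {action}")
        s.last_activity = now  # only authorized activity keeps the session alive
        return now

    def read(self, s: Session, rid: str, fld: str) -> str:
        now = self._authorize(s, "read", rid, fld)
        value = self._records[rid][fld]
        self.audit.record(now, s.user, s.role, "read", rid, fld, "ok")
        return value

    def update(self, s: Session, rid: str, fld: str, new: str) -> None:
        now = self._authorize(s, "update", rid, fld)
        old = self._records[rid][fld]
        self._records[rid][fld] = new
        self.audit.record(now, s.user, s.role, "update", rid, fld, "ok", old=old, new=new)

    def delete(self, s: Session, rid: str) -> None:
        now = self._authorize(s, "delete", rid, None)
        del self._records[rid]
        self.audit.record(now, s.user, s.role, "delete", rid, None, "ok")


def try_action(fn: Callable[..., Any], *args: Any) -> bool:
    """True if the action was permitted, False if the store denied it."""
    try:
        fn(*args)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    trail = AuditTrail()
    store = PatientStore(trail, {"p1": {"name": "Jane Doe", "dob": "1980-01-01"}})  # constructed
    dr = Session("dr.smith", "physician", time.time())
    store.update(dr, "p1", "dob", "1980-01-02")
    for e in trail.entries:
        print(e["user"], e["action"], e["field"], e["outcome"], e["old"], e["new"])
    print("audit trail intact:", trail.verify())
```

The point worth noticing is that denied attempts are logged just like successful ones, which is what makes the audit trail useful for the "who tried to change or delete what" question in section B, and that a session is only refreshed by an authorized action, so an idle workstation cannot be kept alive by failed requests.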

It is very important to verify all of the above on a trial basis. Don’t trust vendors that don’t offer trial versions. At Biosoftworld we offer full trial versions of our medical billing software. After 30 days, the trial copy will simply expire. There is absolutely no obligation to purchase.