How Secure is your Medical Billing Information – 90 Day Extension for Policies until August 1st
Posted May 07 2009 8:28pm
When it comes to security for medical record information, everyone thinks of electronic medical records, but billing information is being addressed as well. I mention this as quite a few offices have computerized billing software and information stored, even though they are not formally using any type of electronic medical record.
With all the confidential information stored here, this could also be deadly when it comes to medical identity theft and breaches, so it’s not just limited to medical records software, billing information too is considered prime territory for theft. As mentioned, this rule is targeted at creditors, and the AMA is looking to submit some type of provision to omit physicians, but still overall, take a look at the security on your billing software just as a good measure and make sure it is not susceptible to identity theft. It may be a while before all can come to an agreement here on the language, but common sense will tell you that nobody wants a breach when it can be avoided.
It is interesting that breaches are still up in the air for personal health records, but this is a much bigger target as if someone were going to take the time to break into one PHR, it would hardly be worth the effort where large data bases are the fruitful targets. BD
Hospitals and physicians have another three months before they are held accountable for complying with what’s called the “red flags” rule, intended to compel financial institutions and creditors to help prevent identity theft, though doctors have yet to give up arguing that the regulation shouldn’t apply to them in the first place. The rule, which stems from the Fair and Accurate Credit Transactions Act of 2003, requires covered organizations to have written policies that specify possible indicators of identity theft in their operations and procedures to monitor and respond to them. The Federal Trade Commission interprets the rule to reach to healthcare providers because they allow deferred payment for services, which came as a surprise to many as the original enforcement deadline, Nov. 1, 2008, loomed last fall.
“I think for the most part healthcare providers would have a lot of this already in place with medical records in complying with HIPAA and state law,” said Jud DeLoss, a principal at the law firm Gray Plant Mooty in Minneapolis . “Medical records aren’t the target here, it’s the billing,” DeLoss added. “That’s not entirely new for more sophisticated systems, but it’s certainly a new area, for a concentrated area, to prevent the loss or misuse of patient information.”
The American Medical Association intends keep trying to persuade the FTC to reopen the rule for comments to allow them to formally argue that physicians aren’t among the targets Congress intended. This extension is a direct result of AMA advocacy to spare physicians from having to comply with this onerous rule aimed at creditors,” AMA board member Ardis Hoven said in a written statement.