How Is HIPAA Compliance Defined?

HIPAA is the Health Insurance Portability and Accountability Act. HIPAA was first enacted in 1996. At its core, the act is centered around patient data protection. Any company that deals with patient data, whether that be medical charts, EHR, or information pertaining to medications taken or illnesses suffered, is liable for keeping that information reasonably safe. Medical coders and billers are also bound by the responsibility of keeping compliance with HIPAA.

In other words, any party that comes into contact with patient information or data must, in some way or another, be responsible along the chain for keeping the privacy and integrity of that information. As the medical industry, as well as insurance companies, continue to move their data storage and practices online, there is an increasing need to make sure that information is protected.

As such, HIPAA compliance requirements have tightened over the years because, despite the convenience of internet and software services, it is clear that many companies have not sought out safer and more secure methods of storage compared to the old days of locking papers away in a file cabinet. While these online services make the day-to-day operations of insurance companies and doctor's offices considerably quicker (you can get a blood test and look up lab results within a day or two in many cases), they also mean that there is a much larger digital footprint.

Because we are still in a transitional period in which many companies have only recently become primarily online-based, not all companies are well equipped to deal with data breaches and hack attempts.


  1. HIPAA Privacy Rule – The HIPAA Privacy Rule exists to protect an individual's medical records as well as any other personal health information. The rule works by making those who deal directly with patient information responsible for that information. In other words, the data must be kept private and must not be used for any commercial purposes. It is a well-known fact that data analysis has become a necessary service for almost any type of business. As such, information pertaining to people is highly valuable but presents a conflict of interest if sold. The Privacy Rule is highly important; consider the case of UCLA hospitals being fined $865,000 for not properly protecting medical records.
  2. HIPAA Security Rule – The HIPAA Security Rule is the one that enforces the security of the maintenance, transmission, and handling of ePHI (electronic private health information). The Security Rule details the standards and expectations for security regarding these methods of information dispersal. Staff members who handle this information must receive refresher training annually.
  3. HIPAA Breach Notification Rule – This rule is fairly straightforward: if you or a company you are a part of become aware of a breach of data regarding PHI or ePHI, you must report the breach to the HHS OCR (the Office of Civil Rights).

HIPAA Compliant Remote Medical Billing

Are you looking to save time and money? Outsource your medical billing today! The Psych Biller offers a full-time remote billing solution for your business's needs. Time spent on paperwork is time not spent on nurturing your business and interacting with your clientele. We are proud to offer highly cost-effective, HIPAA-compliant billing records and communications that will satisfy the aforementioned rules and regulations!

Contact us here to get started today!