Medical Billing: EMR Software Security

In this installment of DME and medical billing software, we are going to cover the topic of security, which can actually be applied to any type of medical billing software, as security is a very important topic these days.

The whole issue of security is largely derived from the HIPAA privacy rules. These rules cover just about everything, including health plans, health care providers, health care clearinghouses, and billing agencies. If you are associated with the medical profession in any way, shape or form, you probably fall under the umbrella of the HIPAA privacy rule.

The primary information that is protected by the HIPAA privacy rule is the patient’s past, present, or future medical condition, the provision of health care to the patient, the patient’s past, present, or future health care, and all private patient information. , including social security number, EIN or any other private information of the patient, including payments made by the patient or to the patient.

The above is extremely simplified, since the law has pages. There are also some limited disclosures that are allowed. Some covered agencies are allowed access to this information, but have to show good cause for needing it, such as police, prosecutors, etc. Where things are complicated is with the billers. Although the billing agency itself needs to know this information to correctly bill the patient and the insurance company, there have been many heated discussions about who in the billing agency should have access to this information. Because of this, only the people directly involved with the actual billing have access to this information. Therefore, non-billers, of which there are many in a billing house, are not allowed access to this information. This is where the problem comes from.

The solution is DME software security. By restricting workers to certain parts of the system, such as the personnel inventory, the software administrator can make it so that these people only have access to their area and therefore not gain access to patient records. This is done in the security options section of the software under each user’s name.

Most software will have basic access categories so that the administrator does not have to go to each individual section and grant and deny access to one section at a time. By having categories, such as biller, inventory, supervisor, etc., the administrator can simply assign a category to the worker and the programs associated with that category are delivered to the worker. All other programs are blocked. If individual access to the program is needed in special circumstances, the software also provides this.

The software administrator’s job is not easy. For one thing, most admins aren’t billers and are therefore only allowed some access. So while they are allowed to give access to patient records to various people, they themselves are not allowed this access. It’s a tricky situation to deal with, but not impossible if security is set up that way. This makes medical billing a bit easier.

Leave a Reply

Your email address will not be published. Required fields are marked *