Medical Billing – DME Software Security
In this installment of medical billing and DME software, we’re going to cover the topic of security, which can actually apply to any type of medical billing software since security is such a big issue these days.
The whole topic of security pretty much stems from the HIPAA privacy rules. These rules cover just about everything, including health plans, health care providers, health care clearinghouses and billing agencies. If you’re associated with the medical profession in any manner shape or form, you are probably under the HIPAA privacy rule umbrella.
The main information that is protected by the HIPAA privacy rule is the patient’s past, present, or future medical condition, the provision of health care to the patient, the past, present or future health care to the patient and all the patient’s private information including social security number, EIN, or any other private information of the patient, including payments made by the patient or to the patient.
The above is extremely simplified, as the law is pages long. There are also some limited disclosures that are allowed. Some covered agencies are allowed access to this information but they have to show just cause why they need it, such as police, prosecutors, etc. Where this complicates things is with billers. While the billing agency itself needs to know this information in order to properly bill the patient and insurance company, there has been a lot of heated argument about who in the billing agency should have access to this information. Because of this, only people directly involved with the actual billing are granted access to this information. Therefor, non billers, of which there are plenty in a billing house, are not allowed access to this information. This is where the problem comes in.
The solution is DME software security. By restricting workers to certain parts of the system, such as inventory personnel, the administrator of the software can make it so that these people are only given access to their area and therefor gain no access to patient records. This is done in the security options section of the software under each users name.
Most software will have basic access categories so that the administrator doesn’t have to go into each individual section and give and deny access one section at a time. By having categories, such as biller, inventory, supervisor, etc., the administrator can just assign a category to the worker and the programs associated with that category are then given to the worker. All other programs are blocked. If individual program access is needed under special circumstances, this is also provided by the software as well.
The job of the software administrator is not an easy one. For one thing, most administrators themselves are not billers and therefor are only allowed certain access. So while they are allowed to give access to patient records to various people, they themselves are not allowed this access. It’s a tricky situation to have to deal with but not impossible if the security is set up just so. This makes medical billing just a little easier.