Wednesday, May 18, 2011


Just for the record, it's HIPAA, not HIPPA. The actual legislation is called the Health Insurance Portability and Accountability Act of 1996 (HIPAA), not the Health Information Patient Privacy Act (HIPPA). I can't tell you how many times I've seen the latter referred to. As a matter of fact, a colleague of mine once emailed a company after seeing HIPPA repeatedly displayed on their website. Once she educated them, they offered her a job!

Privacy and Security
It's true - when most of us think HIPAA, we think privacy of health information. And that's a huge part of it. We may even think, as coders, that we are only impacted by HIPAA when it comes to keeping the medical record information we read during the coding process confidential. But HIPAA is much bigger than keeping health information from falling into the wrong hands. The true intent of the law was the make sure people retained insurance coverage as they changed jobs. It includes several provisions for sharing data electronically and in order to enact this sharing of information, it was prudent that privacy and security provisions be built into the infrastructure of HIPAA.

As coders, we will likely be required to sign confidentiality agreements with employers. We will be subjected to criminal background checks and possibly credit checks. We will be forbidden from discussing that interesting ER case in the elevator. We won't be able to look up medical record information for friends and family. Well, I suppose you could, but make no mistake - there is very little to no tolerance for HIPAA violations. I've seen people dismissed immediately for violating patient confidentiality. I saw this most at a celebrity-frequented hospital where people tweeted or posted on Facebook when someone famous was admitted or they released specific protected health information (PHI). In this day and age, it's not uncommon for employers to have a social networking policy that addresses Facebook and Twitter.

And while privacy of PHI is a coder's concern, there are other provisions within HIPAA that impact us. I meet a lot of people who want to code so they can work from home. But setting up a home office as a coder means more than getting a computer and internet connection. Along with ensuring patient privacy comes security of PHI as well. The home workstation must be secure from breaches including hacking of computer systems and stolen computers. It's a natural concern when setting up a home office - who will have access to the work computer and if there are multiple people living in the household, what provisions are being taken to ensure that the workstation is secure? Some home coders may be subjected to a home evaluation by an employer to ensure the workspace is secure.

HIPAA-Defined Code Sets
Still not convinced that HIPAA impacts you greatly as a coder? How about the codes you use? Those are also intertwined into HIPAA legislation. Electronic exchange of information between two different parties requires specific transactions. For example, the submission of an insurance claim by a provider to a payer is one such HIPAA transaction. There is another for communication from the payer back to the provider about what was paid on each account. These HIPAA transactions require a common language between the parties. And that language is often codes. As such, HIPAA defines which code sets are approved for reporting diagnoses and procedures in order to ensure uniformity.

There are six code sets approved for various uses and time periods as defined by HIPAA:
  • HCPCS (Healthcare Common Procedural Coding System, Level II)for ancillary services and procedures
  • CPT-4 (Current Procedural Terminology) for hospital outpatient and physician services
  • CDT (Current Dental Terminology) for dental services
  • NDC (National Drug Codes) for over-the-counter and prescription medications
  • ICD-9 (International Classification of Diseases, 9th Revision) for diagnoses and hospital inpatient procedures - currently used
  • ICD-10 (International Classification of Diseases, 10th Revision) for diagnoses and hospital inpatient procedures - effective October 1, 2013
The HIPAA Version 5010 Standard
Most coders and coding students are aware of the massive effort currently under way to migrate from ICD-9 to ICD-10 in 2013. Many are not aware, though, of the updates to the HIPAA transactions that must occur in order to make ICD-10 data electronically exchangeable. We currently operate under the HIPAA version 4010 and as of January 1, 2012, we will use HIPAA version 5010. This upgrade includes many other updates besides those to get us ready for ICD-10. The impact of 5010 implementation is currently being felt by payers and providers as they gear up for testing these new transactions beginning in July. As of January 1 of next year, CMS will not accept any electronic data in the old format. And that means failure to comply will hold up claims submission and payment.

The 5010 upgrade is probably invisible to most coders in an organization. It's very much an information technology (IT) initiative and involves inventorying systems and working with vendors and payers to ensure everyone has updated to the 5010 standard. In addition to updating the number of bytes available to report ICD codes and allowing for alpha-numeric entry (instead of mostly numeric with ICD-9), it also includes updates to allow for reporting the present on admission indicator, eliminates the release of superfluous PHI for insurance certification and verification, and eliminates numerous other inefficiencies in reporting data electronically.

So keep an eye out for the acronym HIPAA - it will come into play a lot in your career as a coder. As for HIPPA, I still can't figure out what that is. There is no Health Information Patient Privacy Act, so as best as I can tell, a hippa is a baby hippo!