HIPAA Requirements


Where can I find out exactly what the necessary requirements are to be HIPAA compliant for a medical billing business?

Also, what exactly is a compliance plan? Is it necessary?  Thank you for all your continued help. 


Hi Lori,

A compliancy plan is a plan of action that will be taken if a HIPAA violation has occurred in your office.  You need to designate a HIPAA compliancy person; it can be yourself.  Then if anyone in your office, or any of your providers, have a concern or complaint, they would address the compliancy person.  You should have the compliancy plan in writing and on file so if it is ever requested you can produce it.  It doesn't have to be too formal.  Just state that "Whoever" is the compliancy person and that if an employee has a concern they can express it verbally or in writing to that person.  That person will investigate the circumstances surrounding the concern/complaint and take appropriate action.

This link takes you to the CMS page of info on HIPAA:


But it really appears much more complicated than it needs to be, especially for billing services.  You just need to make sure that any PHI (personal health information) that you have is protected from anyone else seeing, using, or doing anything else they shouldn't be doing with it.  Your computers should be password protected, your office should be locked, etc., etc.  We don't have patients coming and going, so it is not as difficult as it is for providers' offices.


