Implementing EDI

January 6, 2006

I'm about to start a new practice. My privacy manual is already in place, but I still need to develop my HIPAA claims and security protocols. What's involved in this process?

Q: I'm about to start a new practice. My privacy manual is already in place, but I still need to develop my HIPAA claims and security protocols. What's involved in this process?

A:Let's address claims protocols first. If you plan to file claims electronically, you're required to comply with HIPAA's electronic data interchange (EDI) standards, which dictate the format you must use for claims submissions and other electronic exchanges (remittances, patient eligibility checks, and so forth). The claims you submit will be HIPAA-compliant if you use a billing company. But if you handle your own claims submissions, it's worth your while to get a copy of CMS' claims submission software. It's available from your Medicare carrier, which offers the software free or for a nominal price.

Regarding security, HIPAA requires that you take reasonable steps to maintain the security of all electronic medical information. Generally, this means assessing potential risks within your practice and addressing them. For a primer on security issues, go to www.cms.hhs.gov/hipaa/hipaa2/education/default.asp, and click on one or more of the papers in the "HIPAA Security Educational Paper Series."