HIPAA and the Revenue Cycle
Billing Work Is Also Privacy Work
Every step of the revenue cycle touches protected health information — diagnosis codes, treatment details, insurance information, and financial data. HIPAA exists to make sure that information is only seen, shared, and used by the people who genuinely need it to do their job.
Where HIPAA Shows Up in Billing Work
Only access or share the information needed for the specific task at hand — not an entire chart when only a billing code is needed.
Before discussing any account details over the phone, confirming identity protects both the patient and the practice.
Statements, EOBs, and printed reports containing patient information need to be handled, stored, and disposed of securely — not left visible at a workstation or in an unsecured bin.
Why This Matters Beyond the Rule Itself
Patients trust the practice with sensitive information because they have to, not because they have a choice. Protecting that information carefully is part of honoring that trust, not just avoiding a violation.
Where Small Slips Happen
Common risks to watch for: discussing account details within earshot of other patients, leaving a screen with patient information visible and unattended, and sharing more information than necessary when a family member calls asking about a balance.