53 Top Healthcare Blogs for Up-to-date Healthcare News and Insights image

Healthcare Blogs: The Complete List To Follow (2020 Update)

Whether you are looking for new clinical studies, advances in technology, or changing healthcare policy, running a search for the best healthcare blogs can be hectic. You’ll probably get tons of outcomes ranked based on the search keyword you used. Unfortunately, in most cases, this is not always an indicator of the best healthcare blogs.

Thankfully, we’ve done the hard yards for you and identified the best 53 healthcare blogs you can learn from. These healthcare blogs will help you catch up on new healthcare policies, updated news, jobs, and marketing, among other topics.

Thankfully, we’ve done the hard yards for you and identified the best 53 healthcare blogs you can learn from. These healthcare blogs will help you catch up on new healthcare policies, updated news, jobs, and marketing, among other topics.
As the name suggests, it is a blog by the department of health and human services. HHS IDEA Lab focuses on technological solutions for improvingthe quality of human health service delivery. This blog contains important information for both patients and professionals alike.
Here is another blog with unique features. It helps healthcare professionals to navigate through the essential aspects of the healthcare industry within a few seconds. Healthcare dive has a wide coverage of topics such as health IT, hospital administration, and implementation of artificial intelligence.
It’s a quality blog that concentrates on healthcare financial implications. It provides insight on revenue cycle management, reimbursement services, and healthcarestrategic planning.
Healthcare Financial News’ award-winning content editors deliver in-depth reporting, breaking news, and analysis on compelling healthcare topics such as capital investment.
Healthcare IT News blog offers actionable, timely, and analyzed news on the healthcare technology landscape.The blog provides tips for implementing EMR, revenue cycle management, and leveraging patient data for better care.
This blog is part of the HIMSS Media, a media group that focuses on healthcare and tech markets.
Medgadgetis a weblog focusing on medical technologies. Launched in 2004, this website is known for up to date information on healthcare trends,medical research, and international medical technology news. Additionally, it covers news updates on the latest medical devices and technological discoveries.
Medgadget is ranked as one of the most trafficked healthcare blogs in the world.
This is a blog founded by Dr. Kevin Pho in 2004 to provide anin-depth analysis of physicians’ issues. Several authors share their personal experiences and insights here.
The blog’s readers get regular insight into the health sector from nurses, policy experts, surgeons, doctors, medical students, and more.
WebMD Doctors is extensively known for its collection of healthcare blogs such as eMedicineHealth, Medscape, and RxList, among others. Besides, WebMD stands out for its multiple features, such as the symptom checker and physician directory.
Interested readers can access topics ranging from heart medication, parenting to good healthy eating.Besides, every post is penned by a qualified physician to maximize the output quality.
This is a non-profit news blog focusing on in-depth coverage of healthcare headlines, including politics and the healthcare system. They give clear information on how doctors, insurers, hospitals, nurses, consumers, and governments work.
Besides, their KHN Morning Briefing feature ensures you get all the recent healthcare happenings.
Harvard Medical School publishes this blog.It provides a wide range of health topics and medical news vetted by multiple faculty physicians in the school and affiliated hospitals.
Some of the questions recently discussed are: “Does air pollution cause Alzheimer’s disease?” and “How can I know if my penicillin allergy is real” among others.

This healthcare blog focuses on digital policy and health law. Aptly, it is managed by David Harlow, who is a healthcare lawyer and consultant.Harlow uses this blog to dig deep into topics such as digital health regulation, data security and government response, and opioid crisis, among others.

This blog is affiliated to the National Academy for State Health Policy (NASHP). The State Health Policy Blog provides insightful content on issues like mental illness studies, state-based marketplaces, Medicaid expansion, and problems associated with increased healthcare costs.
The CGD Global Health Policy blog is part of CGD – The Center for Global Development Policy blogs such as Climate Change, Energy, and Aid Effectiveness, among others. This healthcare blog offers great analysis and ideas on issues concerning fiscal policy for health, health program evaluation, and family planning.
Besides, the CGD Global Health blog provides content on infectious diseases and health security.
Are you looking for content on how healthcare organizations can thrive through effective marketing? Geonetric, a marketing agency, is worth having a look.
Geonetric specializes in growing healthcare industries by offering insightful ideas. For instance, the blog helps in the creation of effective content strategies, building a professional standard website, among other noteworthy health industry trends.
It’s a full-service agency blog that discusses topics on medical practice as well as healthcare advertising and marketing. Its pages are regularly updated with the most relevant healthcare information.
Some of the discussions here revolve around the benefits of using YouTube as a healthcare advertising strategyand reasons for mobile advertising in hospitals. Besides, it advises on how you can take advantage of online doctor reviews in your organizations’ operations.
ReferralMD’s Healthcare blog builds on itseConsultant mission of improving patient care and access to health systems. The blog has millions of readers. Its blog coversa wide range of topics,especially on the business side of healthcare technology.
This medical marketing blog provides professional healthcare reviews on various health news, including telehealth, medical technology, and healthcare PR practices, among others.
Modern Medicine Network hosts Physicians Practice. Each article in this blog tackles a topic relevant to today’s healthcare professionals.
It offers tactics on how you can encourage patients to come back to your healthcare practices. Also, it helps in weighing the pros and cons while outsourcing marketing strategies.
Ragan Health Care Communication is loaded with information on topics like mobile health, social media, PR, and marketing in health. Generally, it is a one-stop-shop concerning all issues related to healthcare marketing.
For instance, you will be educated on how to communicate effectively with your patients and staff. This blog is suitable for a small practice manager or HR manager.
This is another helpful top marketing blog for any medical marketing group. This blog covers a wide range of topics on healthcare. Some of their discussions concern digital marketing tips for health care brands and guides to overcome Ad blindness, among others.
Check out this content to get exciting insight from doctors and other healthcare researchers on ways to improve your online marketing skills.
It is considered one of the largest healthcare talent acquisition network in the US.HealthJobs Nationwide offers content specifically to healthcare professionals. They provide regular news, opinions, and insights on healthcare jobs nationwide.
For instance, if you want to check on the most-in demand specialties on certain healthcare professions, this blog is a good start.
The Rasmussen College School of Health Science blog provides infographics and testimonials on career-related issues and paths of education within the health industry. This blog helps you to develop skills and knowledge on how to improve your patients’ lives.
Are you hunting for a healthcare career that will bestfit your lifestylerequirements? All you need is to tune to Health Career Blog’s articles.For instance, this blog will come in handy if you want to learn about good healthcare careers for ‘millennials,’ top medical jobs, and perhaps safe tips for quitting a job.
This is an organization devoted to enhancing healthcare initiatives and providing digital health care solutions across all communities in the US.The blog shares a huge amount of varying healthcare industry topics such as diversity within the workplace and data in healthcare.
Moreover, the blog digs into more details on subjects such as healthcare job applications from your mobile gadget,healthcare fraud,and working with disabilities, among others.
This is a healthcare blog devoted to issues onhigh need locum news and healthcare staffing today. The Staff Care Insider blog offers insightful information to healthcare professionals looking for new career opportunities as well as medical facilities that need staffing guidance and support.
Some of thetopics discussed on the blog includehealthcare job shortages, reasons why the time for waiting in hospital is longer today, and tips to overcome mental health shortage, among others.
This blog produces content to improve public dialogue on issues about healthcare.It is published by Gary Schwitzer, who is a healthcare journalist.
Health News Review (HNR) blog, as the name suggests, helps its readers to analyze healthcare industry claims easily.From news on the latest tests and treatments to the validity of recently published studies, HNR is the go-to guide for analyzing healthcare news.
Health and Medicine is an offshoot of the famed Discover Magazine. The regular readers of this blog enjoy up-to-date content on mental health, aging issues, obesity, nutrition, biotechnology.
Besides, the blog publishes thought-provoking articles on healthcare breakthroughs and its impact on our daily lives. The Discover Magazine Health blog is worth visiting for more insight into complex trending subjects on health today, such as CBD oil.
Modern Healthcare is among the top sources of healthcare policy and business news today. With a stellar team of health reporters, it is an excellent blog for researching the topics related to healthcare, such as insurance, technology disruption, drug safety, and quality, among others.
This blog also contains sponsored content on healthcare from various affiliates in the health sector.
Centers for Disease Control and Prevention (CDC) make use of Public Health Matters blog to deliver critical messages about the healthcare sector. This blog is dedicated to offering readers with regular updates on public health evolution. Besides, it focuses on the continuous steps made to improve the general state of the US healthcare.
It is an American Hospital Association publication. As the name implies, this blog is prepared for trustees, hospital directors, and board members. It covers information on healthcare governance and trends.
However, you’ll also find tons of valuable written content on patient care to strategic healthcare plans.
HPN is a magazine for healthcare business news. This blog contains information on products and systems that affect supply chain management of the healthcare industry.
Health Purchasing News offers monthly healthcare magazine printouts and daily updated online content on the same.
The OMC is a blog that concentrates on newborns and mothers. It contains all the essential information that new parents need to know when raising a baby. The blog covers topics such as kinds of foods newborns should take, ethical issues surrounding parenting, and how to find the correct pediatrician to monitor their lives.
Inside HSCA is a great blog for anyone searching for content regardinghealthcare supply chains. It is the official blog for The Healthcare Supply Chain Association. It is among the main reasons why HSCA has evolved to be one of the most influential healthcare advocacy and policy organizations.
This blog offers insights intothe healthcare industry’s most challenging and newest issues. From tariffs on the importation of prescription drugs to comments on various healthcare policies, this news blog is worth checking out if you are a healthcare provider.
Health Facility Managementis another publication by the American Hospital Association. This blog covers a wide range of topics, especially on health facility design and construction, environmental services as well as the sustainability of healthcare systems.
The HFM blog also posts interviews with experts in security solutions for healthcare environments, health facility architecture, as well as hospital energy use systems, among others.
HFMA blog focuses on healthcare professionals in the finance sector. The talented authors of this blog highlight issues affecting healthcare leaders. It addresses topics such as collaboration of healthcare finance and clinical leaders, healthcare reforms, and trends as well as risk management in the healthcare sector.
Besides, the blog covers all your questionson the effects of technology such as AI, EHRs, and telemedicine.

Want to find out how we do it? Read on, or contact us for a quick chat.

This blog publishes content for hospitalists in the US. They discuss a wide range of trending topics on patient satisfaction, healthcarereform and redesign, hospital medicine, and the opioid crisis, among others.
Besides, Today’s Hospitalist blog provides monthly report overviews on hospitalist recruitment, quality improvement initiative, clinical updates, and practice management issues.
The H&HN blog targets hospital executives and emerging healthcare leaders.They have daily and weekly publications on financial, clinical, and demographic issues in the healthcare sector.
H&HN helps executives identify emerging trends in healthcare for better management of health organizations. The blog also reports on health information technology as well as other important issues relevant to the hospital C-suite.
3M Health Information System Inside Angle Blog contains articles from experts within the 3M industry. Such experts include clinicians, strategy experts, analysts for coding and clinical development,and researchers among other healthcare industry professionals.
This blog offers insight and perspective on categories such as interoperability and terminology standard, data science, and analytics in the health sector.
This is a healthcare IT blog affiliated with the Association for the Advancement of Medical Instrumentation (AAMI), a non-profit organization with about 7,000 members. The AAMIblog contributes content on the medical industry’s risk management as well as the development and safe use of health technology.
Some of the topics covered include healthcare IT, security, risk management, and standards in medical technology.
Change Healthcare Viewpoints provides insight into the healthcare industry. Here you’ll get content on healthcare IT guidance from the industry’s experts.
Read this blog for detailed information on health informatics, healthcare transformation, healthcare consumer engagement strategy, interoperability among other consumer digital tools.
The Chilmark Research blog focuses on healthcare IT. With this blog, you can’t miss out on major healthcare events such as emerging health IT trends and predictions, HIMSS, information concerning regulations, merger stories, innovations, and partnerships.
Check out this blog to explore more information on the current health IT innovations as well as their integration in the healthcare sector.
DXC Technology is aninformation technology services company. Their health blog targets healthcare providers and medical researchers. It addresses topics such as storage of patient data in EMRs, aggregated healthcare data use, and automation of antibiotic use, among other healthcare solutions.
Their healthcare section is regularly updated with information on how clinicians and caregivers can embrace healthcare IT for better service delivery.
HITRUST Alliance is a non-profit organization dedicated to the promotion of programs that safeguard sensitive information and manage risks across the healthcare industry.
The HITRUST Blog discusses topics on cybersecurity, healthcare industry regulations, healthcare leadership lessons, and risk management tactics.
Perficient is a top digital transformation consulting organization with about 2000 global clients. This blog has interesting information on healthcare industry trends, tips for boosting your practice performances,and health IT insights.
Phoenix Health System is a healthcare IT service provider focusing on improving healthcare quality through digital innovation.
The Phoenix Health System blog covers all you need when it comes to digitalized health systems: health IT consulting, HIPAA data privacy and security, cloud computing, IT operations, and project management, among others.
It concentrates on current innovation and trends in health IT. The blog contains topics on data analytics, development of patient and hospital mobile app, information security.
This blog aims to help medical device managers, healthcare providers, health IT professionals,and pharmaceutical companies to achieve the symbiosis between IT and healthcare.
Spok is a healthcare leader in clinical communication solutions. The blog, Spokwise Healthcare, delivers informationon clinical and healthcare communications, how to improve patient experience, health care security, among others.
The posts cover topics such as interoperability, patient satisfaction, and safety, security, staff efficiency, paging, among others.You can navigate and explore more in just a few clicks.
Agency for Health Research and Quality (AHRQ),is a US government agency focusing on improving healthcare system quality and safety through research.
Issues discussed in this blog includedigital healthcare transformation through telehealth,empowering primary care, patient safety, and experience, just to mention a few.Besides, here you can get the information on how to advance health science by drawing insight from AHRQ research to practice.
CMS –The Center for Medicare & Medicaid Services is another government resource for health IT leaders. With this blog, be assured of insights on payment model innovation, health expenditure, interoperability, among other topics.
Also, the blog provides essential updates on legislation and regulatory proposals in the medical sector.
The FDA Voices blog provides insightful information on medical device oversight. Due to the increased use of devices in the healthcare industry, the FDA Voices is a great one-stop website for an expert perspective on medical products, consumer safety, food, and tobacco policy.
Besides, you can read more about the future of the FDA’s electronic safety surveillanceon the blog.
This blog’s content is written by a Fast Healthcare Interoperability Resources (FHIR) innovation enthusiast and evangelist, Dr. David Hay. The content is about interoperability and FHIR, among other health IT topics.
Dr. David is an independent contractor who provides insightful information on the implementation of HL7 and FHIR.
Digital Health offers authoritative and dedicated coverage on technology news, policy, and research on health IT.
It focuses on health IT development in the NHS and UK health sector. The topics included range from digital health news on emerging and disruptive technologies such as AI and wearables, to digital health networks and intelligence on health market trends.
This blog is published by journalist Scott E. Rupp, an award-winning and editor who is passionate about healthcare technologies. A great blog to find expert views and the latest news on healthcare IT.

It also provides personal stories and interviews on the innovative tech sector.

Health Affairs is one of the leading blogs on health research and policy. The blog aims to improve healthcare by addressing issues on healthcare cost, access, and quality.
Topics covered by this blog include the affordable care act, health spending, and global health policy, among others.
You can bookmark your favorite healthcare blog from this list to ensure you are always in the loop on healthcare news and expert opinion.

What Is HIPAA Law in Healthcare and What Does it Regulate?

HIPPA sets industry standards for healthcare organizations and service vendors. As such, everyone who works in healthcare must be HIPAA compliant in some way. But what does it mean to bea HIPAA compliant organization or individual? This guide will address various aspects of the HIPPA law in healthcare and what it regulates.

What is HIPAA?

In 1996, the United States passed legislation in an attempt to preserve the privacy and security of the medical data of all individuals. In August of the same year, President Bill Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) which contains five key parts known as titles:


Title I gives protection for every individual who loses or changes their job so they can maintain health insurance coverage. It also forbids community programs from restricting coverage to people without pre-existing conditions and illnesses only, and prevents them from setting lifetime coverage limits.


The second title specifies that the development of a national standard for the processing of electronic healthcare transactions is necessary. The U.S. Department of Health and Human Services is responsible for the formulation and implementation. Healthcare organizations also need to implement security measures for access to health data and respect privacy laws.


HIPPA title III provides instructions on tax and medical care provisions.


Title IV of HIPPA specifies the health insurance reform in more detail and sets out the provisions for those seeking continued cover under the Act and the lawson individuals with pre-existing conditions.


Thelast title lays down rules for persons who want to let go of their U.S. citizenship (expatriate) and theeffects it has on their income tax. It also lays down rules for life insurance policies that are owned by companies.

HIPAA History

On 21 August 1996 the Healthcare Insurance Portability and Accountability Act, commonly referred to as HIPAA, became law. The law aimed to improve the accountability andmanageability of medical insurance for individuals who are searching for a different job. It was also intended to reduce abuse, scams, and waste in the healthcare and medical insurance industries. HIPAA has language that promotes medical savings accounts by providing tax benefits, streamlining the way medical insurance is managed, and extending insurance coverage to pre-existing health-related employees.
The procedure of streamlining the administration of medical insurance was a way to encourage the medical industry to turn medical records into electronic format. In 2009, this section of HIPAA gave rise to the Health Information Technology for Economic and Clinical Health Act, also called HITECH. HITECH then lead to the implementation of the Meaningful Use Program, generally regarded by medical professionals as one of the most important pieces of healthcare legislation to be enacted in many decades.

Who Does HIPAA Cover

The HIPAA Privacy Rule refers to organizations deemed to be HIPAA-covered entities, including healthcare insurance insurers, clearinghouses, and providers. Additionally, the HIPAA Privacy Rule requires covered entities that work with a HIPAA business partner to produce a specific contract. This contract should impose specific safeguards on the Protected Health Information (PHI) that are used or disclosed by the business partner.
Protected Health Information includes:
HIPPA privacy rule does not normally include employment records,educational information, or other records that the Family Educational Rights and Privacy Act identifies as PHI. However, there are no restrictions on its use or disclosure for de-identified data. De-identified data does not identify a person or provide information that could identify them.
When a covered entity partners with another company or agency to create or manage healthcare requirements for their business, the other business partner must have a written HIPPA-compliant contract. The contract must specify that all business done with the business partner must meet HIPAA standards and rules as set out in the contract. This must include rules on the protection of the privacy of protected health information. However, the business partner has the contract in place, and they are still directly responsible for compliance with certain provisions of the HIPAA rules.

Covered Entities include:


Health Plans

Want to find out how we do it? Read on, or contact us for a quick chat.

HIPPA Privacy Rules


For an individual protected by HIPAA, you should stay updated with allHIPAA legislation. Any future and even innocuous disclosure of confidential health details of a patient can make a doctor, hospital, or healthcare provider vulnerable to several serious civil and criminal penalties. A violation or infringement of HIPAA arises when a healthcare provider impermissibly discloses or uses information that jeopardizes the confidentiality or privacy of PHI. A healthcare provider must have a detailed understanding of how to properly operate a company without violating HIPAA to survive on the market without being liable for penalties.

Medical Disclosure and Information Uses

HIPAA Privacy Rule gives people control over whether, how, and when protected health information is disclosed or used for marketing purposes. Under HIPAA, a covered entity should not disclose or use the protected health information of a patient for marketing purposes unless HIPAA authorizes it or the patient provides written authorization. The law, however, is not as simple as it seems to be. The HIPAA law includes many restrictions, limits, exemptions, nuances, and allowances.
A covered organization needs to recognize the distinctions between marketing communications and products, medication, and other healthcare services communications. How is marketing done, then? HIPAA describes marketing as “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.” Generally, if the communication ismarketing-based, the covered entity must obtain the authorization of the person.

When Can a Covered Entity Disclose or Use PHI Without Permission

A coveredentity is not required to obtain an individual’s permission for face-to-face interactions (even though the contact may otherwise be called marketing) according to the law. For example, an insurance provider may sell a health insurance policy to a client in person, and may also advertise a life insurance policy for casualties. A healthcare provider, however, cannot provide the insurance agent with PHI. Hence, they can call the customer on the phone and sell the insurance.
Often, if the entity covered provides a nominal value promotional gift, they don’t need authorization. It’s a lot like when a healthcare provider is offering new parents free baby items. A covered entity, however, cannot reveal the address of the patient to an approved third party for sending new baby products to the parents.
Therefore, refill notifications about the current prescription of a patient don’t need authorization because they’re not part of marketing. Although, any payment the covered entity gets to send the communication to the patient must relate reasonably to the cost of sending the communication.
Also, a covered entity can communicate with a patient without authorization to recommend alternatives to treatment. However, if they receive payment from a third party marketer, whether direct or indirect, the patient must give authorization. It’s important to be careful when dealing with advertisers from third parties. The legality of how advertisers manipulate suppliers to take advantage of their goods and services remains a grey area.
Lastly, coveredentities don’t need to seek patient authorizations given that they don’t accept payment in the following situations:

When Does a Covered Entity Need Patient Authorization

A patient must give written authorization to a covered entity orhealthcare provider forthem to disclose or usePHI unless the Privacy Rule allows it. The rule allows disclosure or uses fortreatment, healthcare operations, andpayment.
There are three particularly unique circumstances in which a covered identity must fully receive formal authorization:
Also, recovery services for drug abuse are subject to the provision of HIPAA authorization if the service works as a covered entity. A treatment center is a coveredentity when it manages coordinates compensation, insurance plans, or asks about the coverage, compensation, or eligibility of a patient.
It is important to remember that HIPAA does not discuss whether a patient needs authorizations to reveal identifiable information regarding sexually transmitted diseases or HIV. You can check the authorization regulations of your State to receive current authorization criteria laws.

What should be in an authorization?

An authorization should have the following:

When Does a Covered Entity Need to Give Individuals a Chance to Consent

Accordingto the Privacy Rules, if a covered agency or hospital wants to publish protected information about a patient in a directory, it must give the individual achance to consent.
A directory helps loved ones to identify a patient at the hospital. The loved ones could include colleagues, relatives, family members, attorneys, clergy,or anyone else who requests for the person by name. If the patient doesnot want this information to be revealed to the healthcare institution, they will not be able to notify the client that a loved one is present there, send flowers, or redirect calls.
The directory contains the protected health information for the patient, including the name, location, and sometimes general information about the condition and religion of the patient (The clergy of the patient is the only one with access to this).
A patient may choose to reveal directory details when they are admitted to the hospital. The patient may then agree, disagree, or decide on what details to share.A healthcare provider may also receive a patient’s verbal consent; however, if the patient wishes to prevent other people from accessing the directory information, it’s best to do it through writing.
When an emergency occurs, and the patient cannot give verbal consent, then the physician or healthcare provider must make use of their best judgment.
A covered entity may also share personal healthcare information with family, friends, or anyone else the patient allows. They may disclose oruse PHI to notify about the location, care, general condition, anddeath toa family member, personal representative, or someone responsible for the patient.
The United States Department of Health and Human Services (HHS) provides examples as follows:

When Can a Covered Identity Disclose or Use PHI for Fundraising

A covered entity may use or reveal protected health information about a patient to a business partner or an institutionally-related charity to raise funds for its gain. A businessassociate offers legal services, financial services, debt collection, and actuarialservices to covered entities. The business partner, however, does not use or reveal PHI in any way that would violate the contract or HIPAA.
Under HIPAA, the onlydetails a covered entity can use are:
A person can, however, opt-out of receiving contact on fundraising. Every time a covered entity or healthcare provider sends a fundraising email, it must have a clear opportunity to opt-out of gettingany other communications.
Anybody that gets thiscommunication should be mindful enough to fully understand the opt-out option. A covered entity has full discretion when determining the opt-out options. It decides whether the opt-outapplies to a particular campaign or all general fundraising.
Furthermore, the privacy notice of the covered entity must state clearly the right to contact the individual to raise funds for the covered entity; however, the person has the right to opt-out of receiving the communications.

How Does the HIPPA Privacy Rule Affect Disclosure and Use of Genetic Information

The Privacy Rule doesnot allow most health insurers to disclose genetic information for purposes of subscription, such as setting premium costs or determining eligibility. Genetic information includes the genetic test results of a patient or family member and records relating to the existence of a disease or condition in the patients’ family members. It also includes all demands for or acceptance of genetic services as well as involvement by a family member or person in clinical research (including genetic testing).
This ban also extends to corporate health benefits (employers), health insurance issues (HMOs and PPOs), and supplemental program issues in Medicare. It does not apply to long-term insurers, though.

HIPAA Security Rules

There’s no question that transition from a paper-based recording system to an electronic one would face some challenges. The more we start relying on electronic documents, the greaterthe chance that data would be accessed improperly. Hence, healthcare staff have to alert patients promptly if their data is stolen orlost.

Electronic Health Record

The electronic health records, also called EHRs, are digitally recorded medical records. Although records in paper charts were common in the past, the government encourages medical personnel to use electronic databases. The advancement will improve overallhealthcare system performance andquality. Today, privacy is a major concern for patients who want to ensure that only approved individuals have access to their sensitive data.
The information in an EHR is private, generally consisting of in-patient and electronic correspondence. The best thing about electronic health records is that they enable quick sharing of information between physicians, specialists, emergency rooms, and other healthcare professionals. It not only increases the quality of treatment patients get, but also enhances productivity and reduces the costs associated with remaining healthy.
The HIPAA Protection Policy is designed to secure stored or electronically transmitted confidential health information. Such rules do not generally extend to documents on paper that you might find in a physical folder or cabinet.
There are still some laws that are exclusive to paper documents. Like all types of safe health information, they are covered by HIPAA Privacy Laws. If paper records have been released to an unauthorized party, it also counts as a violation.
For situations where more than 500 people’s records are compromised, the HHS web site will report about the accident. Such accidents are usually the product of incompetent staff or security procedures with the documents. The U.S. Department of Health & Human Services generally handles the Security Rule and decides what action to take.
Also, the Security Rule needs each organizationto havea security plan well written in its records. All proposals must provide administrative, physical, and technical safeguards.
Administrative Safeguards: These are measures that can be applied in the workplace. For example, you can train staff on appropriate procedures as well as develop a program for recognizing possible risks to health. This form of protection is focused on the preparation and watchfulness of staff members.
Physical Safeguards: This is the use of physical obstacles. Those are the measures you take to avoid unauthorized access to areas of work, data, and computers. These measures may involve securing doors and cabinets.
Technical Safeguards: They are the ones who make use of technology to monitor all record access. For example, you can put computer passwords or encryptions in place that don’t enable electronic transmission beyond the office network.

Breach Notification Rule

Any breach involving protected health information must result in HIPAA notification. It’s also necessary for the companies and organizations to contact the Office of Civil Rights, in addition to notifying the impacted persons. All security violations must be reported. The company or corporation mighteven needto informthe local media in exceptional cases.

How do you know when there is a data compromise or breach

HIPAA describes a breach as the unauthorized use, disclosure, or access of health information. A violation typically leads to a loss of security and privacy. It is important to remember that notification is not needed for every data breach. At the time of the attack, confidential health information has to have been unsecured or unencrypted.
Usually, an organization or company hasthe liberty to determine when data is compromised. These organizations use risk analysis to assess the type of violation and the nature of the leaked information. While the HIPAA guidelines cover national organizations, every State has its unique guidelines. Usually, organizationsinform individuals via first-class postal mail oremail, depending on patient preferences.

HIPPA Enforcement

The HIPAA Privacy Policy protects the privacy of patients concerning their medical history and other confidential health details which may have other agencies protected by the federal HIPAA regulations. Such protected institutions usually include insurance plans (both private and some government health plans), doctors, hospitals, healthcare providers, and clearing-houses for healthcare. Not only do HIPAA regulations ensure patients have access to their records and confidential health information, but they also set standards on how to administer or report those data.

How is HIPAA Enforced

How is HIPPA Enforced The Office for Civil Rights (OCR) addresses HIPAA enforcement problems by reviewing complaints lodged with OCR and carrying out enforcement assessments of covered entities. Besides, OCR offers numerous training, outreach, andeducational programs to educate covered healthcare providers about their HIPAA responsibilities and to promote compliance before anyone files a complaint.
When OCR receives a complaint or starts an investigation, they inform both the group who filed the complaint and the organization involved in writing. To finalize its investigation, OCR may ask for more information from the covered entity. They willcommunicate with the healthcare provider directly. If OCR finds that a HIPAA violation has occurred, they will work with the agency to promote enforcement, request action to correct it, and sign a resolution agreement.
If a settlement has been reached between the OCR and the individual affected, all parties involved in the complaint and inquiry willbe informed of the outcome in writing.

HIPAA Violation Penalties and Fines

The U.S. Office for Civil Rights refers to healthcare providers as insurance services, healthcare clearinghouses, and other covered organizations, as well as business partners of covered entities. Health and Human Services department enforces varying rates of fines and penalties on healthcareproviders who fail to comply with HIPAA laws. The fines and penalties have been revised to reflect the severity of such breaches, based on improvements made to the Health Information Technology for Economic and Clinical Health Act. The fines are meant not only to serve as a deterrent but also to keep violators responsible for their acts.

HIPAA Penalty Structures

Violation of category 1: is one in which a coveredentity did not know about, and could not have avoided even with a littlebit of precaution.
Violations of Category 2: is one that the coveredentity should have known about, but could not have prevented witha reasonable level of care.
Violations of category 3: are considered to be the direct product of deliberate negligence by the covered entity.
Violations of category 4: are the most severe. HIPAA laws are deliberately broken in these cases, and no efforts were made to remedy the situation.

Cost of Penalty

The Office for Civil Rights will use its authority to impose financial penalties if breaches are found to have occurred. Some considerations which have been taken into account include:
Category 1: Offenses are charged at the cost of $100 per violation, up to $50,000 at maximum.
Category 2: Offenses are each charged at $1,000, and could be up to $50,000.
Category 3: Offenses are charged at $10,000 and could go as high as $50,000.
Category 4: The minimum fine for all entities whose violations fall into thiscategory is $50,000 per breach. Maximum caps on all fines are in place because the maximum penalty per category cannot exceed $1.5 million per year.

HIPAA Certification

People searching for HIPAA compliance certification might be surprised to findout that there is no single organizationto go with. A certifying company is quite close to any other provider who can give periodic evaluations.
This is because although an individual might be accredited, a healthcare institution is unable to do so. A business compliant on one day could suddenly be in breach of new laws owing to changes introduced by HIPAA the next day, or just a pure lack of compliance within the firm.
In this way, the only thing that can be done as far as the HIPAA compliance process goes is to check the organization regularly and ensure that it is still compliant with current legislation. Such audits may be issued by vendors offering certification but recognize that passing the test once does not guarantee future, continuous compliance.

HIPPA and Telemedicine

When it comes to telemedicine-related HIPAA rules, it impacts any part of the medical profession and healthcare organization that wants to provide patients at their community centers with a remote service. A lot of people agree that electronic PHI contact is appropriate from a distance when communication is directly between the physician and the patient. To remain under the umbrella of the HIPAA Privacy Law, the medium of communication would also be of interest to medical professionals. It must comply with the HIPAA guidelines relating to telemedicine.
HIPPAsecurity rule states that access to electronic PHI is only given to registered users. The organization or physician will also need a secure communication channel that keeps the integrity of the electronic PHI intact. Surveillance of this program should require continuous monitoring as it protects from cybercriminals and breaches. The main aim is to prevent unauthorized parties from accessing data that could cause damage in the wrong hands. Unsecured communication channels include:
If physicians want to communicate electronic PHI from a distance, all three of these approaches should be avoided at all costs. Once it comes to the HIPAA requirements for telemedicine, all devices that communicate with electronic PHI from a distance must have protection in place which can track and delete the information as appropriate.

How to Communicate Electronic PHI

Most healthcare organizations are using a secure messaging solution that staysin line with telemedicine-related HIPAA requirements. People still enjoy the same speed and convenience with a protected messaging solution that they could find using a respectable system such as Skype, SMS, or email, but it remains compliant with the Security Rules found in the HIPAA guidelines.

HIPAA Compliance and Texting

Texting may be a quick and expedient way for healthcare workers to interact with employers, patients, and all parties concerned. Texting, however, may be a concern with HIPAA requirements. With the introduction of text messaging under the HIPAA umbrella, the importance of HIPAA enforcement in text messaging has become ever more significant. Fortunately, texting applications compatible with the Health Insurance Portability and Accountability Act (HIPAA) can be downloaded to your phone or desktop computer to keep your texts secure. These apps preserve the protection of shared protected health information (PHI) between approved users to better adhere to HIPAA.


If you work in the healthcare sector, you must make efforts to remain HIPPA compliant. Failure to do this could have serious effects on your practice or organization as a whole.
Using this guide, find out which areas or instances is of concern to you, and start taking the necessary steps to become HIPPA compliant.
How to Bill Chronic Care Management 99490 to Medicare

How to Bill Chronic Care Management 99490 to Medicare

In 2015, the new code 99490 was announced in Medicare to cater to patients with more than one chronic disease. It was a huge win because the role involved a lot of services that were previously deemed as unbillable time. Here is everything you need to know about how to bill chronic care management 99490 to Medicare.

What is Chronic Care Management

Chronic care management refers to the continuity of treatment received for patients with numerous chronic conditions outside of the daily office visit. By 2015, Medicare began providing refunds monthly for these forms of services. Non-complex CCM services, billed under CPT 99490, cover at least 20 minutes of clinical staff time per calendar month. They’re managed by a physician or other trained healthcare professional, and provide the following services:
It’s important to know that an initial visit is a requirement for new patients or patients that have not been seen in the past year. There could be an Annual Wellness Assessment, First Preventive Physical Exam, or another face-to-face meeting with the billing practitioner. Such a visit does not form part of the CCM program and is billed separately. Billing practitioners must also get consent from the patient before offering CCM services or billing for it.
Complex CCM services, billed in compliance with CPT 99487, will also require significant revision of the treatment plan, moderate or high difficulty medical decision-making, and at least 60 minutes of clinical staff time every calendar month. They must be directed by a physician or other trained health care professional.

Patient Eligibility

CCM services are allowed for patients with more than one chronic condition expected to last a minimum of 12 months or till the patient dies. The illness must also put the patient at serious risk of mortality, acute exacerbation/decompensation, or functional decline.
Billing practitioners may recommend defining patients needing CCM services using the criteria provided in the CPT guidelines (such as number of diseases, number of prescriptions, and repeat admissions or emergency department visits) or the profile of typical patients in the CPT prefatory language.
Racial, ethnic, and geographical inequalities in health need to be reduced by the provision of CCM services.
The billing practitioner cannot disclose both complex and normal (non-complex) CCM services for a patient in the same month. In other words, within a given service time, a given patient receives either complex or non-complex CCM and not both. Do not assign 99491 to 99487, 99489, or 99490 in the same calendar month.

Some types of chronic medical conditions are:

Practitioner Eligibility

The following groups of practitioners can bill for CCM:



Other clinical staff may provide the CCM service when operating under the general supervision of an eligible physician. CCM programs can also be paid through Rural Health Clinics, Critical Access Hospitals, and Health Centers with federal qualifications. If two practitioners give a patient CCM in the same practice, only one will bill for the code in any given month.
Primary care practitioners may most often bill CCM. Specialist practitioners can also provide and bill for CCM services under some circumstances. The CCM service is not within the practice scope of some limited-license practitioners and physicians, such as dentists and clinical psychologists. These practitioners may collaborate or refer to these physicians to organize and manage treatment.
CPT codes 99487, 99489, and 99490 include time spent by the clinical staff or billing professional, and it counts against the average time the clinical staff needs to spend in a given month. CCM services not rendered directly by the billing practitioner are delivered on an “incident-to” basis by clinical personnel under the billing practitioner (as an integral part of the services offered by the billing practitioner), subject to relevant state legislation, licensing, and practice scope. The clinical workers are either employees or contractually hired by the billing agent that collects payment directly from Medicare for CCM.

Initiating Visit

Medicare needs initiation of CCM services during a face-to-face visit with the billing practitioner called an Annual Wellness Visit [AWV] or Initial Preventive Physical Exam [IPPE], or another face-to-face visit with the billing practitioner.
The Annual Wellness Visit usually applies to new patients or patients not seen within one year before the start of CCM. This initiating visit does not form part of the CCM program and is billed separately.
Practitioners who make an initiating visit to the CCM and personally carry out extensive evaluations as well as CCM care planning beyond the normal effort listed in the initiating visit code may also bill HCPCS code G0506. G0506 represents comprehensive evaluation and care planning by a physician or other trained healthcare professional for patients needing chronic care services. Following initiation of the CCM, G0506 is reportable once per CCM billing practitioner.

Want to find out how we do it? Read on, or contact us for a quick chat.

Patient Agreement and Consent

Having advanced consent for CCM services means that the patient is involved and aware of the available cost-sharing. This can also help to avoid duplicative billing by practitioners. Until furnishing or billing CCM, a practitioner must get approval from the patient. Consent can be written or verbal but must be stated in the medical record. The patient must know the following:
The aim here is to have everything in the patient’s medical record clearly stated, and preferably, within the patient agreement. Revocations, consents, and any modifications in the CCM service must be recorded.
Informed consent for patients only needs to be received once before CCM is activated, or if the patient wants another health practitioner to supply and charge CCM.
While cost-sharing for patients applies to the CCM program, most patients have extra insurance to help fund cost-sharing for the CCM. CCM can also help to prevent the need for more costly care in the future by proactively monitoring patient safety, rather than simply treating serious or acute illness and disease.

Steps in Billing CCM 99490

1. Identify Eligible Clients

You can use the Electronic Health Record to check for patients with more than two chronic conditions and run through reports sorted by the physician. Every practice will then review the report and exclude people who are not a good match for the CCM program
The patient must have two or more chronic conditions and also the following important elements:

You should concentrate on a small number of different diseases, such as COPD, diabetes, CVD, and A-fib when you start introducing a CCM service.
Contact the patient with an outreach initiative or address the CCM program during a regularly scheduled visit to encourage knowledge and understanding of the importance of chronic disease management. A good example is a dedicated telephone line that links to personnel with specialized CCM expertise. After hours this line is forwarded to the on-call clinician.

2. Inform and Enroll

Educate patients and allow them to participate in using a letter of invitation, accompanied by written consent. Explain the program interest, how the program operates, and the fact that it can be rejected, postponed or terminated. Also include details on how to terminate and transfer the service.
Authorization to share medical information electronically with other physicians depends on local and state regulations. Give details on the names of the appointed physician and the name of the CCM nurse.
Also, explain the monthly scheduled nurse appraisal appointment, which should be viewed as a routine visit, even though it occurs by telephone. Explain how and when bills are produced and the patient’s responsibility for coinsurance payments and deductibles.
It’s important to also check and verify the patient’s participation agreement by obtaining their signature on the consent form. Report it in the electronic chart that CCM has been clarified. You have obtained written consent to approve or refuse services from which (name of clinician) the electronic care plan is provided, and the right to stop CCM services at any time.

3. Interact with Them and Activate the Service

To provide care management for chronic conditions, you need to:

Provide patients with a written or online copy of their detailed treatment plan. It is a low-cost way to send the care plan to the patient portal, thereby allowing all eligible patients (or their designated caregiver) to participate and become familiar with portal use.
Record the amount of time spent.

It’s possible to set up a program that will keep track of time spent on non-face-to-face services, including:

4. Bill for Rendered Services and Get Your Reimbursements.

Validate that the criteria were met every month for each patient. You should also ensure that all the necessary conditions have been met before you submit CCM billing under CPT code 99490 at the appropriate time.


No, you can only furnish one form of CCM per service period. CPT reporting rules apply where CPT code 99491 can’t be reported with CPT codes 99487, 99489, or 99490 for the same calendar month.
Perhaps. The place of residence can be an assisted place of living or nursing home. You will need to find out how to sign the patient. If the facility accepts Part A, then you will not be able to bill CCM services. Instead, you should use codes such as 99307, 99308, and other certification codes for home health.
Practitioners can review the CPT definition of the word “clinical staff.” However, clinical staff’s time should only be considered if the requirements of Medicare, such as supervision, relevant State law, licensing, and practice scope are met.
Other staff can also help to promote CCM services, but only time spent by clinical personnel can be counted. Where the billing practitioner provides CCM services themself, the billing practitioner’s time can be counted as clinical staff time or added to professional CCM reporting.
At the very least, give them what Medicare requires. The only instance where they might not pay is if they’re a capitated Advantage plan. However, some Advantage programs do give and go beyond Medicare’s minimum standards.
No. For the codes, the time should be considered the standard times for office visits for evaluation and management purposes. These are presumed times defined by the American Medical Association through a physician survey. The codes were developed and valued for how much time the billing practitioner spends on themselves every month, but are not specific times. Time for the billing practitioner may go into tasks such as managing clinical personnel, conducting clinical staff operations personally, or, in the case of complex CCM, undertaking professional decision-making with moderate to high complexity.
All the variety of service elements should be regularly delivered in a given service span, except a specific service is not required or medically suggested. An instance is when the recipient does not have hospital admissions that month, so there is no management of a hospital discharge transition. All parts and the descriptors of the CPT code must be furnished for billing.
Standard CCM referring to CPT code 99490 assumes up to 15 minutes of work by the billing practitioner, and this portion of the service rendered cannot be delegated to another contractor. All the CCM service codes are expected to include the billing practitioner’s ongoing monitoring, supervision, collaboration, and reassessment aligned with the required service elements. The billing practitioner cannot assign or subcontract this work to any other person.
The duration of service to the CCM claim is one calendar month. Practitioners can report CCM when the service period is over or after the minimum required service time has been completed.
Yes. CCM is priced in the facility and non-facility settings under the PFS. The POS on the claim application should be in the location where the billing professional will normally give the recipient a face-to-face treatment.
No. As provided for in the calendar year (CY) 2014 PFS final rule with consultation period (78 FR 74424), a new consent is only required if the patient switches billing practitioners. In that scenario, the new billing practitioner must obtain and record a new consent before the delivery of the service.
When the beneficiary dies during the service cycle, the CCM service code(s) will be billed as long as the necessary service time for the code(s) has been met for that calendar month. Also, all other billing conditions must be met.


With this guide, you should have a more in-depth understanding of the intricacies involved in chronic care management and billing to Medicare. You also have enough resources to guide you through the steps of billing CCM 99490. Be sure to check insurance companies and your local Medicare carrier for any unique billing policies you need to know about.