Medical Billing Blog

Stay up to date with the latest revenue cycle news, trends, and policies.

Protecting our Providers: HIPAA Compliance Procedures

By: Gilbert Johnston

A few weeks ago, members of The Valletta Group attended the Healthcare Business Management Association’s (HBMA) Annual Compliance Symposium in Washington D.C. The event featured highly-informative lectures from various experts in the healthcare industry.

Compliance is a rather broad subject. Quite simply, it is the act of abiding by the governing rules and regulations of a particular industry. However, in the revenue cycle management (RCM) industry, certain aspects of compliance command much greater attention. At the forefront of most RCM insiders’ minds is the Healthcare Insurance Portability and Accountability Act (HIPAA) and more specifically, the privacy and security sections of Title II.


Compliance Symposium 2017 Washington D.C.
Gilbert Johnston, Jeff Bolar, and Cal LaGroue of The Valletta Group enjoying the view from the Senate majority leader’s private balcony.


While most professional industries have privacy rules, the standards in the healthcare and RCM industries put most other fields to shame. In fact, it’s hard to think of another field where such broad and basic information is protected so strictly. For example, digital copyright law is comparatively lenient and forgiving. If copyrighted information is shared online without the owner’s consent, the host escapes liability as long as a reasonable process exists for notification and removal of such content. In other words, accidents are allowed.

In the healthcare industry, the law is much stricter. Physicians don’t escape liability due to negligence or mistake. Providers face harsh fines and even jail time for failing to comply with HIPAA regulations. That’s why The Valletta Group takes compliance so seriously. We have numerous procedures in place to ensure not only that HIPAA and HITECH regulations are met, but that our clients’ data is always secure.

Below are some of the steps we take to protect our clients:

  • NIST risk management and analysis, policies and procedures library, sanctions for non-compliant employees, assigned security official, information system activity monitoring, semi-annual employee compliance education, new-hire HIPAA certification, incident process, anonymous path to reporting, sufficient assurances in contracts, physical attributes (safeguards and restrictions) surrounding workstations of ePHI, emergency plans, 24-hour secured facility, information system audit controls, user authentication

For reference, Protected Health Information (PHI) includes:

  • Names, addresses, zip codes, date of birth, date of treatment, phone numbers, email addresses, social security numbers, medical record numbers, health plan numbers, account numbers, certificates/license numbers, vehicle serial numbers, personal identifiers (such as finger prints, voice recordings, bloodwork, photos, DNA, etc.), URLs, device numbers, IP addresses, and more

To learn more about The Valletta Group’s compliance procedures, call us at (888) 874-7084 or contact us through our website.

About the Author: Gilbert Johnston

Gilbert has nearly 15 years of experience in the medical billing industry. He's a Certified Healthcare Business Management Executive (CHBME), as recognized by the Healthcare Business Management Association (HBMA), the leading organization for Revenue Cycle Management professionals. He also has extensive knowledge in matters of compliance, including HIPAA and HITECH, having served as the Compliance Manager at Valletta for years.

Full Bio

Download a Brochure


Request a Quote


Ask Us a Question



A management and billing staff consisting of the most experienced individuals in the Industry.

Learn More


Solutions for every step of the revenue cycle, plus compliance, value-based care, and more.

Learn More


We partner with the best to help our clients get to the next level.

Learn More


Maximize return on investment with highly accurate results and best-practice customer service.

Learn More