NPI? EIN? HIPAA? Your TOP private practice billing questions – ANSWERED

Article Highlights

How to get an NPI Number  for your Speech Therapy Private Practice

What is an NPI Number?

Your National Provider Identification (NPI) number is a form of identification.  It’s an easy way for insurance companies to identify you – the person and the company who is providing a medical service.  Learn more from ASHA or directly from the source at NNPES.

It is FREE to get an NPI

How do I get an NPI Number?

Apply online for your NPI Number directly on the government website.

NPI? EIN? HIPAA? Your TOP private practice billing questions - ANSWERED

Remember to get one for you personally (if you don’t already have one)

Get an Organizational NPI for your private practice (must have your business name set and your EIN – ensure you use the same name exactly, to prevent confusion.)

What do I do with my NPI Number?

Put your NPI on your Superbills and 1500 claim forms.  This is important, especially if your private pay clients wish to use their Health Savings Accounts because it supports that you are a medical provider, providing a medical service.  Even if your clients are out-of-network, the insurance company may call you to confirm your identifying information, including your EIN and your NPI.  

Have more questions about NPIs?  

How to get an EIN Number for a Speech Language Pathologist for your Speech Therapy Private Practice

What is an EIN?

Your Employer Identification Number is a form of identification.

Wait, what if I don’t have employees- I’m a sole proprietor?  

Get it anyway.  Frequently in business, you will need a tax identifier number. You could use your social security number in many circumstances, but you need to protect your social security number.  Your EIN is your tax identification number – it’s how insurance companies and anyone who contracts with you will identify you, especially if you receive money from them.  

NPI? EIN? HIPAA? Your TOP private practice billing questions - ANSWERED

When you open your business checking account, you will need your EIN.  When a patient submits out-of-network to their insurance, you will need an EIN to put on your superbill.  If you contract out to provide services to a school, daycare, assisted living, or any other private practices, you will need to provide your EIN.  It’s free.  It’s fast and easy to get.  Just get one.  

It is FREE to obtain an EIN

How do I get an EIN Number?

Apply online for your NPI Number directly on the government website.  Again, be SURE you have your business entity filed first.  The name on the EIN, organizational NPI, bank account, all must be exactly the same, so be sure of your spacing, capitalization, and any LLC designations required.  

What do I do with my EIN Number?

Include this identifier it on your Superbill, 1500 claim forms, W-9s.  You will also need it for a business bank account and on your schedule C when filing your taxes. 

NPI? EIN? HIPAA? Your TOP private practice billing questions - ANSWERED

What It Means To Be HIPAA Compliant In Private Practice

When you are considering getting started in private practice, then you probably already know that you need to be HIPAA compliant. But what does this mean exactly? What do you need to do to ensure that you are complying?

First things first – Every private Practice needs to do a HIPAA Risk Assessment.  Ask yourself….

Are you a covered Entity? If so…

You need to address HIPAA with your clients, ensuring they understand their HIPAA rights and your HIPAA policy.  Your paperwork needs to sign they received/were offered a copy and understand it.  If you do online therapy, your website should provide access to your HIPAA policy.  Another resource for info: https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACA/AreYouaCoveredEntity

You need a BAA with your business’s systems service providers (e.g. if you use IntakeQ for your paperwork – get an BAA with them. Your video platform, e.g. Zoom needs a BAA). 

Who are “providers”?  Whatever method you are using to store or transmit data electronically. E.g. consider- how are you collecting intake/consent forms? How are you collecting payment? How are you storing your tx notes? If those methods are electronic, you need to use a system that has higher security to comply w HIPAA, including signing a Business Associate Agreement (BAA)

What Does It Mean To Be HIPAA Compliant?

Simply put, HIPAA is the acronym for the Health Insurance Portability and Accountability Act.

Most private practitioners tend to think about HIPAA as that entity that is always watching them. And the reality is that they are right. After all, being HIPAA compliant is directly linked to your ability to keeping medical records protected and the way you communicate with your clients. You probably already know that if you accidentally share your client information with someone that isn’t supposed to access it, you can get fined.

While protecting your clients’ confidentiality has been a part of private practitioners’ lives for many years, the truth is that things have changed a bit.

In the old days, private practitioners used to only use paper records. So, they had to assure that they had all these documents on a safe and on a closed closet that only a few people could access. But things have changed and most private practitioners use digital records and new technologies to either store private information as well as to communicate with clients.

Ultimately, you need to keep in mind that confidentiality belongs to the client and it is your job to maintain that information private and not share with anyone. Besides, it is also important to discuss with the client how you use or store that information.

Ultimately, you will never share or communicate what a client tells you without a written and signed document – an authorization for release.

Protecting Personal Health Information (PHI)

As we already mentioned above, PHI was easier to protect in the old days when all records were in paper. But now, you need to know how to better protect all the digital files of your clients:

Use A 2-Factor Authentication:

In case you are storing your clients’ files on your computer, then you need to ensure that you use a password for your computer and a different one to access any PHI.

Use Data Encryption:

While having good passwords is a good start, they are only the front door protection. The truth is that your computer can be hacked and this is why you need to encrypt PHI.

Store On The Cloud:

While this may seem strange, the truth is that storing PHI in the cloud can actually be one of the best options you have. However, this is only a good solution if you do it the right way. Ultimately, you need to ensure that you choose a cloud storage service that offers BAAs.

In case you don’t know, BAA stands for Business Associate Agreement and is a written arrangement that specifies each party’s responsibilities when it comes to PHI. No matter if you are doing private practice in an office or online using a video platform, for example, you need to have a BAA signed. Ultimately, the contract needs to describe how you store the PHI and how it is used, as well as it also needs to state that the business associate won’t use or disclose the protected health information.  

Check out how you can enable quick telehealth adoption.

The first thing you should do when you have a new client is to get releases from him or her around how they want to be communicated with for appointment reminders. You should make sure to let them know the risks involved and how you handle communications outside of the session. Clients need to sign that they received HIPAA notice needs to be signed by the client.

Action Steps for HIPAA Compliance…

1. Determine if you are a Covered Entity
2. Documents what your security policies are – including HIPAA policies and BAAs.
3. Perform a Security Risk Assessment – Save a copy for your records.
4.Create an Action Plan for anything that’s missing.
5. Create a file to keep your policies, risk assessment, copies of your BAAs, everything organized in 1 place
6. Drop a note in your planner to review your risk assessment at least annually.
NPI? EIN? HIPAA? Your TOP private practice billing questions - ANSWERED

Which CPT code do I use for…  and why does it matter?

CPT codes are a way to code what you did. The codes that you use are reporting the treatment that you provided.  Some activities don’t have CPT codes – like a phone call with a doctor or family member when the client wasn’t present or participating.  The client playing or taking a rest break while the clinician documents isn’t covered under a CPT code.  The client actively participating in education about their fluency disorder or following directions to produce a /k/ sound are included in 92507.  Addressing correct swallowing sequencing is skilled treatment under 92526.  Accent modification is not treating a disorder and is not included in CPT codes.

Not sure what to code to use?  

Consider – What are you treating? Is it a communication disorder or a swallowing disorder?  

Some areas, like childhood feeding disorders are tricky.  Luckily, ASHA has great resources that can help.  ASHA has articles on Answers to Your Feeding/Swallowing Coding Questions and this one that also clarifies Diagnosis ICD-10 codes – Pick the Right Code for Pediatric Dysphagia.  ASHA has guidance on using Medicare codes.  Using these resources from ASHA will help support your decisions if you ever need to defend your billing practices. 

Articles you May also enjoy...

Thrive Speech Pathology

We believe in individualized solutions and work hard outside the therapy room to make our work effective. We work collaboratively with families to communicate honestly about what’s important to them and what’s feasible for them. — Kelsey Thompson

Scroll to Top