Key Takeaways
- ICD-10-CM codes classify diagnoses and are required on all insurance claims to justify medical necessity
- CPT codes describe medical procedures and services performed and determine reimbursement amounts
- HIPAA (Health Insurance Portability and Accountability Act) protects patient health information through Privacy, Security, and Breach Notification Rules
- The CMS-1500 (HCFA-1500) is the standard claim form used by physicians and outpatient facilities for insurance billing
- Medicare Part A covers hospital/inpatient services, Part B covers outpatient/physician services, Part C is Medicare Advantage, and Part D is prescription drug coverage
- Managed care models include HMO (requires PCP referral), PPO (no referral needed but higher premiums), and EPO (no out-of-network coverage)
- The explanation of benefits (EOB) is sent to the patient explaining what was billed, what insurance paid, and the patient responsibility
- Medical assistants must understand accounts receivable, accounts payable, and basic bookkeeping for practice finances
Last updated: February 2026
Medical Business Practices & Insurance
The administrative domain of the CMA exam tests your knowledge of medical office business operations, insurance billing and coding, and regulatory compliance. Medical assistants play a critical role in the financial health of a medical practice.
Medical Coding Systems
ICD-10-CM (International Classification of Diseases, 10th Revision, Clinical Modification)
- Purpose: Classifies diagnoses — tells insurance companies WHY the patient was seen
- Structure: Alphanumeric codes (3-7 characters), e.g., J06.9 (Acute upper respiratory infection, unspecified)
- Required: On every insurance claim to establish medical necessity
- Updated: Annually on October 1
- Used by: All healthcare providers, hospitals, and insurance companies
CPT (Current Procedural Terminology)
- Purpose: Describes procedures and services — tells insurance companies WHAT was done
- Structure: 5-digit numeric codes, e.g., 99213 (Office visit, established patient, low complexity)
- Categories: Category I (most common procedures), Category II (performance measures), Category III (emerging technology)
- Updated: Annually on January 1 by the AMA
- E/M Codes: Evaluation and Management codes (99201-99499) describe office visits by complexity level
HCPCS (Healthcare Common Procedure Coding System)
- Level I: CPT codes (described above)
- Level II: Alphanumeric codes for supplies, equipment, and services not covered by CPT (e.g., A4253 for blood glucose test strips)
- Used by: Medicare, Medicaid, and some private insurers
Health Insurance Types
Government Programs
| Program | Coverage | Eligibility |
|---|---|---|
| Medicare Part A | Hospital/inpatient, skilled nursing, hospice | Age 65+, certain disabilities, ESRD |
| Medicare Part B | Physician/outpatient services, labs, preventive care | Age 65+ (voluntary, premium-based) |
| Medicare Part C | Medicare Advantage plans (combines A + B, often with D) | Enrolled in Parts A and B |
| Medicare Part D | Prescription drug coverage | Medicare beneficiaries (voluntary) |
| Medicaid | Comprehensive coverage for low-income individuals | Income-based, varies by state |
| TRICARE | Military healthcare | Active duty, retirees, dependents |
| CHAMPVA | Veterans affairs healthcare | Dependents of disabled veterans |
| Workers' Compensation | Work-related injuries/illnesses | Employed individuals injured on the job |
Managed Care Models
| Model | Key Feature | Referral Required? | Out-of-Network? |
|---|---|---|---|
| HMO (Health Maintenance Organization) | Must choose a PCP; lowest premiums | Yes, PCP referral needed for specialists | Generally not covered |
| PPO (Preferred Provider Organization) | Larger network; higher premiums | No referral needed | Covered at reduced rate |
| EPO (Exclusive Provider Organization) | Similar to PPO but no out-of-network | No referral needed | Not covered |
| POS (Point of Service) | Hybrid of HMO and PPO | Yes, for in-network specialist care | Covered at reduced rate |
Insurance Claim Process
The CMS-1500 Form
The CMS-1500 (formerly HCFA-1500) is the standard paper claim form used by physicians and outpatient facilities to bill insurance. Key fields include:
- Box 1: Type of insurance (Medicare, Medicaid, TRICARE, etc.)
- Box 2: Patient name
- Box 3: Patient date of birth and sex
- Box 12: Patient or authorized signature (release of information)
- Box 13: Insured's or authorized signature (assignment of benefits)
- Box 21: ICD-10-CM diagnosis codes (up to 12)
- Box 24: Service dates, CPT codes, diagnosis pointers, charges
- Box 31: Physician signature and date
- Box 33: Billing provider information and NPI number
Clean Claims vs. Rejected Claims
- Clean claim: Complete and accurate — processed without additional information needed
- Rejected claim: Contains errors — returned for correction (wrong code, missing info, etc.)
- Denied claim: Reviewed and payment refused (lack of medical necessity, non-covered service, etc.)
- Goal: Submit clean claims to maximize reimbursement speed (typically 14-30 days)
Key Insurance Terms
| Term | Definition |
|---|---|
| Premium | Monthly payment for insurance coverage |
| Deductible | Amount patient pays before insurance begins to cover |
| Copayment (copay) | Fixed amount paid at each visit |
| Coinsurance | Percentage of costs shared between patient and insurer |
| Preauthorization | Prior approval required before a service is performed |
| Referral | PCP authorization to see a specialist (required in HMOs) |
| EOB | Explanation of Benefits — statement from insurer detailing payment |
| Coordination of benefits | Process for determining primary and secondary insurance responsibility |
| Assignment of benefits | Patient authorizes payment to go directly to the provider |
HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 establishes national standards for protecting patient health information:
HIPAA Rules
| Rule | Purpose |
|---|---|
| Privacy Rule | Establishes standards for protecting PHI (Protected Health Information) |
| Security Rule | Establishes safeguards for electronic PHI (ePHI) |
| Breach Notification Rule | Requires notification when unsecured PHI is compromised |
| Enforcement Rule | Establishes penalties for HIPAA violations |
PHI (Protected Health Information)
PHI includes any information that can identify a patient and relates to their health condition, treatment, or payment. This includes:
- Name, address, phone number, email, SSN, DOB
- Medical record numbers, account numbers
- Health conditions, diagnoses, treatment records
- Insurance information, billing records
- Photos, biometric data
Medical Assistant HIPAA Responsibilities
- Share PHI only on a need-to-know basis (minimum necessary standard)
- Ensure computer screens display PHI only when necessary
- Log off computers when leaving the workstation
- Shred documents containing PHI before disposal
- Obtain patient authorization before releasing records to third parties (except for TPO: Treatment, Payment, and Operations)
- Report any suspected breaches to the privacy officer immediately
Practice Finances
Key Financial Concepts
| Concept | Definition |
|---|---|
| Accounts Receivable (A/R) | Money owed TO the practice (from patients and insurance) |
| Accounts Payable (A/P) | Money owed BY the practice (to vendors, suppliers) |
| Day sheet | Daily record of all financial transactions |
| Ledger | Individual patient financial record |
| Aging report | Categorizes A/R by how long invoices have been outstanding (30, 60, 90, 120+ days) |
| Fee schedule | List of charges for each service provided |
| Write-off | Amount subtracted that will not be collected (contractual adjustment) |
| Collection ratio | Percentage of money collected vs. money charged |
Telephone Procedures & Communication
Professional Telephone Etiquette
- Answer within 3 rings with a professional greeting including the practice name and your name
- Speak clearly, at a moderate pace, with a pleasant tone
- Never place a caller on hold without asking permission first
- Document all calls in the patient's medical record, including date, time, caller, and details
Handling Incoming Calls
| Call Type | Action |
|---|---|
| Emergency | Stay on the line, call 911 if needed, do NOT put on hold |
| Prescription refill | Collect details (medication, pharmacy, patient info), relay to provider |
| Appointment requests | Schedule per practice protocol |
| Test results | Verify patient identity, follow practice protocol for releasing results (provider may need to call) |
| Referral requests | Obtain insurance info, verify authorization requirements |
| Billing questions | Transfer to billing department or handle if trained |
| Third-party calls | Verify identity, check for authorization to release PHI |
Telephone Triage
Medical assistants should never diagnose or provide medical advice over the phone. However, they should:
- Recognize emergency situations requiring 911
- Follow office protocols for urgent vs. routine concerns
- Document all calls accurately and completely
- Relay messages to the provider promptly
Written Communication
Business Letters
- Use modified block or full block format
- Include: letterhead, date, inside address, salutation, body, complimentary close, signature
- Use formal, professional tone
- Proofread for grammar, spelling, and accuracy
Types of Business Correspondence
| Type | Purpose |
|---|---|
| Referral letters | Communicate patient information to a specialist |
| Collection letters | Request payment for outstanding balances |
| Consultation letters | Share findings between providers |
| Recall/reminder letters | Notify patients of overdue appointments or screenings |
| Termination letters | Formally end the provider-patient relationship (requires adequate notice) |
Office Management
Equipment and Supply Management
- Maintain an inventory control system for medical and office supplies
- Reorder supplies when stock reaches the reorder point (minimum quantity before new order is needed)
- Track warranty information and maintenance schedules for medical equipment
- Follow manufacturer guidelines for equipment calibration and maintenance
- Document all equipment maintenance in a maintenance log
Practice Management Software
Modern medical offices use integrated practice management systems for:
- Scheduling: Appointment booking, patient reminders, waitlist management
- Billing: Charge entry, claim submission, payment posting, collections
- EHR: Clinical documentation, e-prescribing, lab orders, results management
- Reporting: Financial reports, productivity reports, patient demographics
- Patient portal: Online appointment scheduling, secure messaging, test results access
Test Your Knowledge
Which coding system is used to classify patient DIAGNOSES on insurance claims?
A
B
C
D
Test Your Knowledge
A patient has an HMO insurance plan and wants to see a dermatologist. The patient must first:
A
B
C
D
Test Your Knowledge
Under HIPAA, which standard states that only the minimum amount of PHI necessary should be disclosed?
A
B
C
D
Test Your KnowledgeMulti-Select
Which of the following are considered Protected Health Information (PHI) under HIPAA? (Select all that apply)
Select all that apply
Patient name and date of birth
The number of patients seen in a day (without names)
Medical record numbers
Diagnosis and treatment records
General health statistics with no identifiers
Patient Social Security numbers
Test Your KnowledgeMatching
Match each Medicare Part to its coverage type.
Match each item on the left with the correct item on the right
1
Medicare Part A
2
Medicare Part B
3
Medicare Part C
4
Medicare Part D
Test Your KnowledgeFill in the Blank
The standard claim form used by physicians to bill insurance companies is called the CMS-___ form.
Type your answer below
Test Your Knowledge
A patient's insurance claim is returned because the diagnosis code is missing. This claim is considered:
A
B
C
D
Test Your Knowledge
CPT code 99213 represents which type of service?
A
B
C
D
Test Your Knowledge
An aging report for a medical practice shows outstanding accounts categorized by:
A
B
C
D