Medical Coding Business of Medicine: 17 Things Every Medical Coder Needs to Know

words related to medical coding business of medicine
If you like this article, please share it.

** This article was reviewed and updated on February 19, 2024. **

What Is the Medical Coding Business of Medicine?

Healthcare is a business. Like physicians, medical coders (and billers) need to understand the business of medicine, as they play an essential role in the success of medical practices and facilities. That means complying with conventions, guidelines, and state and federal laws. When a practice or facility follows state, federal, and international laws and regulations, they are in regulatory compliance. And that’s good for business. 

If that sounds like a lot, that’s because it is.

According to AAPC, the CPC exam includes three questions on the business of medicine, which is covered under the “Compliance and Regulatory” series. The three questions may pertain to the following:

  • Services covered under Medicare Parts A, B, C and D
  • Applying coding to payment policy
  • Place of service reporting
  • Fraud and abuse
  • NCCI edits
  • NCDs/LCDs
  • ABNs
  • RVUs 

Since more than three topics are listed above, we can assume that we don’t have to know about all of these. But which ones? And the topics are pretty broad. The good news is that there are only three questions, and you don’t have to know much about each. However, you do need to know — what you need to know.

So, in the 17 things you need to know, I’ve covered the important points about each topic, so you should do very well on that portion of the exam. Don’t worry if you don’t already know it all. That’s why I’m here. I didn’t know any of this either. I did not know what I did not know.

medical coding business of medicine

17 Things Every Medical Coder Should Know About the Business Aspect of Medicine

1.  What is medical coding, how is it performed, and who performs it?

Medical coders explain what took place during a patient visit by assigning codes to services and diagnoses. They do this by translating information documented in the medical record into numeric and alphanumeric codes.

In the real coding world, they abstract pertinent information from the patient’s medical record and apply their coding guidelines and reimbursement knowledge to receive the best reimbursement possible. Coders need to keep up with coding updates and insurance payment policies, as they can change as often as quarterly.

A medical record is what is kept when a patient sees a physician. It includes observations, medical or surgical interventions, diagnostic tests and studies, and treatment outcomes.

Either the physician performs the coding, and the coder acts as an auditor, or the coder performs the coding of services provided based on the physician’s documentation. If the coder acts as an auditor, they will verify that the documentation supports the codes assigned by the physician.

2.  Why must the information in the medical record be accurate and complete?

If the information is not accurate and complete, the codes will be inaccurate. And that leads to inappropriate reimbursement. Therefore, the medical coder must review the medical record for its accuracy and completeness. The coder should query the physician or other healthcare professional if additional patient information or clarification is needed.

3.  What are code sets, and how do they differ?

Code sets are what the medical coder uses to classify medical diagnoses, procedures, diagnostic tests, treatments, and equipment and supplies. 

The different code sets are:

  • CPT, HCPCS Level II, and ICD-10-CM. Outpatient coders use these code sets and work in physician offices, outpatient clinics, and outpatient facility departments. Their focus is on physician professional services. Outpatient facility coders also use Ambulatory Payment Classifications (APCs). 
  • ICD-10-CM and ICD-10-PCS. Inpatient coders use these code sets and work in a hospital setting. They also assign medical severity diagnosis-related groups (MS-DRGs) for reimbursement.

These code sets are used for billing, tracking public health trends, and research.

4.  What is a Place of Service (POS) code?

A partial table from the Centers for Medicare & Medicaid Services (CMS) shows the POS code, name, and description.

A Place of Service (POS) code is a 2-digit code that should be used on professional claims to indicate where the service was rendered, such as in a physician’s office, hospital, nursing facility, or facility outpatient department.

For example, if a patient is seen in the physician’s office for a right ankle fracture and receives treatment, the POS code would be 1, because the service was rendered in the office. This is the POS code that would go on the claim form. The individual payers should be checked for their individual policies on these codes.  

5.  How do you define fraud and abuse?

Fraud and abuse in healthcare encompass a range of deceptive practices that undermine the integrity of billing and reimbursement systems. The AAPC defines fraud as “to purposely bill for services that were never given or to bill for a service that has a higher reimbursement than the service produced.” Abuse, on the other hand, is “payment for items or services billed by mistake by providers, but should not be paid for by Medicare.”

The Office of Inspector General (OIG) is mandated by law to fight waste, fraud, and abuse in Medicare, Medicaid, and other Department of Health and Human Services (HHS) programs. According to the OIG, under the False Claim Act, “It is illegal to submit claims for payment to  Medicare or Medicaid that you know or should know are false or fraudulent. The OIG goes on to state, “no specific intent to defraud is required.”

6.  What is a compliance plan, and what are its benefits?

A compliance plan is a written document outlining the coding and billing process and what corrective actions will be taken when mistakes are made. A compliance plan also helps combat fraud and abuse. Every physician’s office and facility should have a compliance plan and should make active use of it.

Although patient care is the priority, when an effective voluntary compliance program is in place, it can also enhance patient care by increasing the accuracy of documentation.

According to the OIG, an effective compliance program can benefit the physician’s office or facility by:

  • Increasing the number of accurate payments of claims
  • Reducing the number of billing mistakes
  • Lessening the chances that an audit will be conducted by the Health Care Financing Administration (HCFA) or the OIG
  • Preventing conflicts with the self-referral and anti-kickback statutes

The key elements of an effective compliance program for individual and small physician practices include:

  • Conducting internal monitoring and auditing
  • Implementing compliance and practice standards
  • Designating a compliance officer or contact
  • Conducting appropriate training and education
  • Responding appropriately to detected offenses and developing corrective action
  • Developing open lines of communication
  • Enforcing disciplinary standards through well-publicized disciplinary guidelines

7.  What does the OIG post on its website and update every month?

The OIG explains in the OIG Work Plan the various projects, including OIG audits and evaluations, that are in progress or planned to be addressed during the fiscal year and beyond. This Work Plan is updated on their website monthly and includes potential problem areas with claims submissions that they will focus on.

8.  Who are the medical providers that staff physician offices and hospitals?

There are different providers with different levels of education who work in physician offices and hospitals. They include physicians and mid-level providers. Mid-level providers are also called physician extenders, including physician assistants (PAs) and nurse practitioners (NPs). They often receive lower reimbursement than physicians and must have supervision.

Each state has a scope of practice guidelines for the different provider levels. These guidelines describe the procedures, actions, and processes a healthcare provider can take according to the terms of their professional license.

9.  What are the two different types of payers?

The two types of payers are self-pay (patients pay their medical bills) and insurance coverage. Insurance coverage is broken down into two main types: commercial and government.

  • Commercial carriers are private payers that offer group and individual plans. Private payers like Blue Cross Blue Shield may provide basic, hospitalization, and major medical coverage. Private payers vary but usually operate in the state where they are based.
  • Government insurers include Medicare, Medicaid, and state-funded insurance programs.
    • Medicare is the largest third-party payer and is provided by the federal government. They cover people who are over 65 years of age, younger people who are blind or disabled, and those with end-stage renal disease (ESRD) or kidney failure. CMS regulations determine the coding requirements for Medicare and non-Medicare payers.
    • Medicaid is a health insurance assistance program that is administered by federal and state governments. It is in place for some low-income people, particularly pregnant children and pregnant women. Coverage and benefits vary by state.
    • State-funded insurance programs, such as Crippled Children’s Services, Children’s Medical Services, Children’s Indigent Disability Services, and Children with Special Healthcare Needs, provide free or low-cost coverage for people up to 21 years of age.

Each of these payers may have unique requirements related to claim submissions that medical coders and billers need to be aware of.

10.  Which services are covered under Medicare Parts A, B, C, and D?

Medicare is broken into four parts, and an individual can sign up for Medicare based on the type of coverage they prefer: Original Medicare or a Medicare-approved plan, known as Medicare Advantage. According to, Original Medicare includes Part A (hospital insurance) and Part B (medical insurance), with the option to join a separate Medicare drug plan for drug coverage, also known as Medicare Part D.

The other Medicare option, Part C or Medicare Advantage, is a private company approved by Medicare that provides an alternative to Original Medicare for health and drug coverage. These “bundled” plans include Part A, Part B, and usually Part D. Some of the Part C plans offer additional benefits, such as vision, hearing, and dental services.

11.  What is the purpose of National Correct Coding Initiative (NCCI) edits?

National Correct Coding Initiative (NCCI) edits were implemented to promote correct coding methodologies and prevent improper coding that leads to inappropriate payment. The NCCI edits tell professional coders when CPT codes should not be reported together during the same encounter for Part B covered services. 

The NCCI consists of one table of edits for physicians or practitioners and one table of edits for outpatient hospital services. You can learn more about these NCCI Edits on the Medicare website, which also includes a link to an informative booklet on using the NCCI Tools.

12.  How is “medical necessity” defined, and what coverage policies help determine the medical necessity of a procedure or service?

Medical necessity is a term health insurance companies use to describe the procedures or services covered under a given benefit plan. While definitions may vary across the healthcare industry, the general principle is to authorize only those interventions essential for effectively addressing a patient’s condition.

CMS states that medical necessity is governed by regulations outlined in Title XVIII of the Social Security Act, Section 1862(a)(1). This Act mandates that Medicare coverage is restricted to items and services deemed reasonable and necessary for diagnosing or treating illnesses or injuries within the scope of a Medicare benefit category.

When a physician provides services to a Medicare beneficiary, reimbursement is based on demonstrating the medical necessity of those services by documenting why the service was essential in addressing the patient’s medical needs.

To help in determining coverage, Medicare employs two key policies: National Coverage Determinations (NCDs) and Local Coverage Determinations (LCDs). NCDs, formulated by CMS, outline the criteria for Medicare coverage nationwide for specific procedures or devices, establishing conditions under which a service may be covered based on medical necessity.

Conversely, LCDs are created by Medicare Administrative Contractors (MACs) to translate national policies into regional guidelines. These policies may include specific codes indicating covered or non-covered services, particularly in instances where no NCD exists for a particular item.

Commercial payers may create their own set of reimbursement policies. Medical coders need to keep up with the different policies to ensure accurate and timely reimbursement.

13.  Is it HIPPA, HIPAA, or HIPPO, and what is this Act of 1996? 

HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. HIPAA is often misspelled as HIPPA. Maybe that’s because HIPPA looks more like HIPPO, and Harry, the HIPAA Hippo, the unofficial mascot for HIPPA, is a hippopotamus. I don’t know.

According to the U.S. Department of Health & Human Services (, the HIPAA Privacy Rule was issued to restrict the use and disclosure of protected health information (PHI) when held by a covered entity. A covered entity may be a healthcare provider, such as a physician, a health plan, such as Blue Cross Blue Shield, or a healthcare clearinghouse, which includes those entities that process care transactions electronically for another entity. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

The covered entity is responsible for creating and implementing policies and practices to meet HIPAA requirements and protect the privacy and security of all data containing PHI.

The “Minimum Necessary” requirement is a key provision of HIPAA. It means that the minimum necessary protected health information (PHI) should only be shared to satisfy a particular purpose or carry out a function. Otherwise, it should be withheld.

The minimum necessary standard does not apply to the following:

  • Disclosures to or requests by a healthcare provider for treatment purposes
  • Disclosures to the individual who is the subject of the information
  • Uses or disclosures made pursuant to an individual’s authorization
  • Uses or disclosures required for compliance with the Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification Rules
  • Disclosures to the HHS when disclosure of information is required under the Privacy Rule for enforcement purposes
  • Uses or disclosures that are required by other law

14.  Why was the HITECH Act of 2009 signed into law?

The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law as part of the American Recovery and Reinvestment Act (ARRA) of 2009 to promote the adoption and meaningful use of health information technology (HIT). According to the HHS, the HITECH Act addresses the need for improved efficiency and quality in healthcare delivery systems. By motivating healthcare providers to adopt electronic health records (EHRs) and other HIT solutions, the Act attempted to streamline processes, minimize errors, and enhance overall patient outcomes.

Moreover, the HITECH Act was instrumental in strengthening the protection of sensitive patient data. To safeguard electronic health information, the legislation incorporated measures to reinforce privacy and security standards, particularly in alignment with the HIPAA regulations. These provisions were aimed at strengthening safeguards against unauthorized access, disclosure, or misuse of patients’ protected health information (PHI).

Furthermore, as HHS reports, the HITECH Act gave patients the ability to have greater control over their health information and the right to request an accounting of disclosures of their PHI made by HIPAA-covered entities via electronic records. Additionally, the legislation mandated notification to patients in the event of any unauthorized use or disclosure of their health information, ensuring transparency and accountability in healthcare data management practices.

15.  When is an Advance Beneficiary Notice (ABN) used?

An ABN is a notice issued by providers to Medicare beneficiaries when Medicare payment is expected to be denied, according to the CMS. The provider is not allowed to bill the Medicare patient for an uncovered service unless they inform the patient t before providing the service or procedure and have them sign an ABN.

Providers must provide the patient with a reasonable estimate, which should be within $100 or 25% of the actual costs, whichever is greater.

Many non-Medicare payers have a “Hold Harmless” policy in their contracts that states that the member will not be held financially responsible for the cost of covered services except for copayments, coinsurance, or deductibles.

16.  What is the standardized physician payment system that Medicare uses based on resource costs, and what are the relative value units?  

According to the American Medical Association (AMA), Medicare and most other payers use a standardized physician payment system consisting of three components: 1) resource costs known as the Resource-Based Relative Value Scale (RBRVS), 2) Geographic Practice Cost Indices (GPCI), and 3) a conversion factor.

At the core of the RBRVS lies the concept of Relative Value Units (RVUs), which serve as a metric in determining physician payment for services rendered. The objective of the RVU model is to pay physicians according to the amount of work performed, no matter the payer mix or amount of revenue generated.

The three types of RVUs influencing physician payment and their categories of resources include the following:

  1. Physician work RVUs: As AAPC reports, physician work includes technical skills, physical and mental effort, judgment and stress related to patient risk, and the time needed to perform the service or procedure. Physician work RVUs account for an average of 51% of the total relative value for each service.
  2. Practice expense (PE) RVUs: Includes medical and office supplies, clinical and administrative staff, and pro rata costs of building space, utilities, and medical and office equipment. Practice expense RVUs account for an average of 45% of the total relative value for each service. 
  3. Professional liability insurance (PLI) RVUs: Sometimes known as Malpractice (MP) insurance, the cost of PLI is based on an estimate of the relative risk associated with each CPT code. Professional liability insurance RVUs account for an average of 4% of the total relative value for each service.

Payments are calculated by multiplying the combined total of the three component RVUs times a conversion factor (a monetary value determined by CMS) and adjusting for geographical differences in resource costs.

17.  What ethical principles of professional conduct are required under AAPC’s Code of Ethics?

AAPC's code of ethics policy as it relates to medical coding business of medicine

All members of AAPC have the responsibility to conduct themselves in all professional activities in a manner consistent with the ethical principles of professional conduct, which are as follows:

  • Integrity: Members are expected to maintain honesty, accuracy, and truthfulness in all professional activities. They should act with integrity and avoid deceptive practices.
  • Respect: Members must treat all individuals with dignity, fairness, and respect, regardless of factors such as race, ethnicity, gender, religion, or socioeconomic status.
  • Commitment: Members are required to demonstrate dedication to their profession, their patients, and their colleagues. They should strive to uphold high standards of professional conduct and continuously improve their skills and knowledge.
  • Competence: Members are expected to perform their duties with competence and skill, adhering to accepted standards of practice and keeping abreast of developments in their field.
  • Fairness: Members should strive to be fair and impartial in all professional dealings, treating all parties with equity and avoiding conflicts of interest.
  • Responsibility: Members have a responsibility to their patients, their employers, and the public to provide quality care and services. They should also take responsibility for their actions and decisions.

Failure to adhere to these ethical principles may result in disciplinary action, including potential loss of membership with AAPC. 

Check Your Knowledge and Have Fun

medical coding business of medicine

Now that you’ve learned the 17 things related to the business of medicine, be sure to take the 10-question compliance and regulatory quiz to check your knowledge. In addition, have fun learning the medical coding business of medicine with this free crossword puzzle.

medical coding business of medicine
If you like this article, please share it.


  1. You could well publish an “Idiot’s guide to medical coding” based on your talent of spoon-feeding complicated info to any readers interested in pursuing a career in medical coding.

    This is my 4th day doing recon into the profession. Thanks so much for your thoughtful posts. They really help.

    1. Hey Karl,

      Thank you for your very nice comment. I’m glad my posts are helping you. We all respond differently to things, so if I can make topics easier to grasp for even some of you, I will have done my job.

      Good luck to you, and have a great day!

  2. This information is very helpful. You should create a YouTube channel if you do not already have one.

  3. Starting my coursework and this is all really helpful. I wish I could download this blog entry as a PDF, though. When I try to save it as one I lose formatting. But thank you for all of this!

Leave a Reply

Your email address will not be published. Required fields are marked *