Compare.
Decisions, side by side.
42 plain-English comparisons of two adjacent rules, codes, statutes, or instruments — modifiers, HIPAA rules, Stark vs Anti-Kickback, payer audits, state overlays. Each entry links to the primary source (CMS, HHS, OCR, eCFR, NIST, or the state regulator) and frames the choice operationally: when to use one, when to use the other.
Coding
10 comparisons99213 vs 99214 (E/M selection)
99213 is a low-complexity established-patient office visit. 99214 is moderate complexity. Selection is by MDM or by total time on the date of service.
992139921499214 vs 99215 (E/M selection)
99214 is moderate-complexity MDM. 99215 is high complexity — typically a chronic illness with severe exacerbation, or 40–54 minutes on the date of service.
9921499215CPT vs HCPCS Level II
CPT (HCPCS Level I) is the AMA five-digit code set for physician services. HCPCS Level II is the CMS alphanumeric set for supplies, drugs, and ambulance.
CPTHCPCS IIICD-10-CM vs ICD-10-PCS
ICD-10-CM is the diagnosis code set used in every healthcare setting. ICD-10-PCS is the procedure code set used only for inpatient hospital procedures.
CMPCSModifier 25 vs Modifier 57
Modifier 25 is for a separately identifiable E/M with a minor procedure. Modifier 57 is for the E/M that resulted in the decision to perform a major (90-day global) surgery.
Mod 25Mod 57Modifier 25 vs Modifier 59
Modifier 25 reports a separately identifiable E/M on the same day as a procedure. Modifier 59 unbundles two procedures that would otherwise edit together.
Mod 25Mod 59Modifier 26 vs Modifier TC
Modifier 26 reports the professional component of a diagnostic service. Modifier TC reports the technical component. Together they equal the global service.
Mod 26Mod TCModifier 50 vs Modifier RT/LT
Modifier 50 reports a bilateral procedure on one claim line. RT and LT report each side on separate lines. Payer policy determines which is required.
Mod 50RT/LTModifier 76 vs Modifier 77
Modifier 76 reports a repeat procedure by the same physician. Modifier 77 reports a repeat procedure by a different physician on the same day.
Mod 76Mod 77Time-based vs MDM E/M selection
Two paths to an office E/M level: total time on the date of service, or the medical decision making framework. Pick whichever path the encounter supports.
TimeMDM
Compliance
4 comparisonsAKS Safe Harbor vs Stark Exception
An AKS safe harbor provides voluntary protection from criminal liability if its conditions are met. A Stark exception is mandatory protection — Stark prohibits the referral unless ALL exception elements are met.
AKS SHStark Exc.False Claims Act vs Anti-Kickback Statute
The False Claims Act creates civil liability for submitting false claims to the government. The Anti-Kickback Statute creates criminal and civil liability for remuneration to induce federal-program referrals.
FCAAKSHIPAA Civil vs Criminal Penalties
HIPAA civil penalties (OCR) escalate by culpability tier and are capped per identical violation per year. Criminal penalties (DOJ) apply to knowing disclosure, with prison terms up to 10 years.
CivilCriminalStark Law vs Anti-Kickback Statute
Stark is a civil, strict-liability self-referral law limited to physicians and designated health services. The Anti-Kickback Statute is a criminal, intent-based law covering remuneration to induce referrals for any federally-payable item or service.
StarkAKS
Billing
7 comparisonsCO-16 vs CO-50
CO-16 means the claim lacks information needed to adjudicate. CO-50 means the payer adjudicated the claim and determined the service was not medically necessary.
CO-16CO-50CO-50 vs CO-97 (denial reason)
CO-50 means the service is not deemed a medical necessity by the payer. CO-97 means the benefit is included in the payment for another service already adjudicated.
CO-50CO-97G2211 vs no G2211 (when to add)
G2211 is the Medicare add-on for longitudinal-care visit complexity. Add it when the practice is the continuing focal point; omit on discrete, one-off visits.
Add G2211Skip G2211Modifier GA vs GZ vs GY (Medicare ABN modifiers)
GA signals an ABN is on file for a service Medicare may deny. GZ signals no ABN was obtained. GY signals the service is statutorily excluded — never a Medicare benefit.
GAGZ / GYOffice E/M (99213) vs Facility Visit (G0463)
99213 is a professional office E/M billed under the MPFS. G0463 is a hospital outpatient clinic visit billed under OPPS by the facility. Site of service determines which applies.
99213G0463POS 02 vs POS 10 (telehealth)
POS 02 is telehealth provided in a location that is NOT the patient's home. POS 10 is telehealth provided in the patient's home. Reimbursement and policy treatment differ.
POS 02POS 10POS 11 vs POS 22
Place of Service 11 is a physician office. POS 22 is an on-campus hospital outpatient department. Choice affects MPFS payment under the site-of-service differential.
POS 11POS 22
Privacy
16 comparisons201 CMR 17.00 vs HIPAA (Massachusetts)
Massachusetts 201 CMR 17.00 prescribes specific data-security elements for personal information of MA residents. HIPAA provides the PHI-specific federal baseline. Both apply.
201 CMR 17HIPAABAA vs DPA (data processing agreement)
A Business Associate Agreement is the HIPAA-required contract between a covered entity and a vendor handling PHI. A Data Processing Agreement is the GDPR-required contract between a controller and processor of EU personal data.
BAADPABAA vs Subcontractor BAA
A BAA flows from a covered entity down to a business associate. A Subcontractor BAA flows from a business associate down to its subcontractor that handles PHI. Both are required for the chain to satisfy HIPAA.
BAASub-BAABIPA vs GIPA (Illinois)
BIPA is Illinois's biometric privacy statute — fingerprints, retina scans, voiceprints. GIPA is the state's genetic information privacy act. Both have private rights of action and have produced major class-action exposure.
BIPAGIPABreach vs Security Incident
A Security Incident is the attempted or successful unauthorized access to a system. A Breach is a more specific finding — unauthorized acquisition of unsecured PHI that requires notification.
IncidentBreachBusiness Associate vs Conduit
A Business Associate handles PHI on behalf of a covered entity and needs a BAA. A Conduit only transmits PHI without persistent access — and is exempt from BAA requirements.
BAConduitCMIA vs HIPAA (California)
HIPAA is the federal baseline. CMIA is California's stricter overlay — broader provider definition, stronger consent requirements, and a private right of action for patients.
CMIAHIPAAEncryption at Rest vs in Transit
Encryption at rest protects ePHI stored on disks, drives, and backups. Encryption in transit protects ePHI moving across networks. HIPAA requires evaluation of both as addressable specifications.
At RestIn TransitHIPAA Privacy Officer vs Security Officer
The Privacy Officer is responsible for the Privacy Rule. The Security Officer is responsible for the Security Rule. Both roles are required and can be held by the same individual.
Privacy Off.Security Off.HIPAA Privacy Rule vs Security Rule
The Privacy Rule governs uses and disclosures of all PHI in any form. The Security Rule governs the safeguards required specifically for electronic PHI (ePHI).
PrivacySecurityHIPAA vs 42 CFR Part 2
HIPAA is the general federal privacy baseline for all PHI. 42 CFR Part 2 is the stricter rule governing substance use disorder treatment records held by federally-assisted SUD programs.
HIPAAPart 2HIPAA vs HITECH
HIPAA is the 1996 baseline privacy and security law. HITECH is the 2009 act that strengthened HIPAA — extending direct liability to business associates and creating breach-notification obligations.
HIPAAHITECHMFA vs SSO
MFA adds a second factor to a single login. SSO consolidates multiple application logins behind one identity. The two are complementary, not alternatives.
MFASSOMHMDA vs HIPAA (Washington)
MHMDA is Washington's My Health My Data Act — regulating consumer health data outside HIPAA, with a private right of action. HIPAA continues to govern PHI handled by covered entities and BAs.
MHMDAHIPAAPatient Right of Access vs HIPAA Authorization
Right of Access is the patient's direct request for their own record — must be honored within 30 days. A HIPAA Authorization is the form a patient signs to allow disclosure to a third party.
Right of AccessAuthorizationSHIELD vs CCPA on health (NY vs CA)
New York's SHIELD Act sets data-security and breach-notification obligations for personal information of NY residents. CCPA/CPRA grants California residents privacy rights — but exempts most PHI handled under HIPAA.
SHIELDCCPA
Enrollment
2 comparisonsDME vs DMEPOS
DME is durable medical equipment. DMEPOS expands to include prosthetics, orthotics, and supplies. Medicare enrollment, accreditation, and billing flow through the DME MAC for DMEPOS suppliers.
DMEDMEPOSMedicare Part A vs Part B
Part A covers inpatient hospital, SNF, hospice, and some home health. Part B covers physician services, outpatient care, DME, and preventive services. Billing systems and claim forms differ.
Part APart B
Payer
3 comparisonsADR vs RAC audit
An ADR is a Medicare Additional Documentation Request — the MAC asks for records before paying or after paying a specific claim. A RAC audit is a contingency-fee post-payment audit by a Recovery Audit Contractor.
ADRRACMedicare Advantage vs Traditional Medicare
Traditional Medicare is fee-for-service Parts A and B administered by CMS. Medicare Advantage (Part C) is a private health plan paid by CMS to provide Parts A and B (and usually D) benefits.
TraditionalMA / Part CTPE vs SMRC vs UPIC
TPE is the MAC's Targeted Probe and Educate program. SMRC is the Supplemental Medical Review Contractor. UPIC is the Unified Program Integrity Contractor — the fraud-focused arm. Each has different goals and stakes.
TPESMRC / UPIC
The comparisons are free. The workflow is the product.
Knowing the difference between Modifier 25 and Modifier 59 is one click. Diagnosing why a specific claim was denied and how to appeal it is a workflow. The workspace is where the decision becomes an action.