Healthcare compliances training and discussion blog

Archive for January, 2010

HIPAA Security Standard: Selecting the Right E-mail Service

The Internet has taken center stage in meeting people's communication needs. Its speed, ease and wide reach make it the most favored medium for communication. Email is one of the Internet's great communication tools and is widely used by people to communicate with their doctors or medical insurers, which involves the exchange of confidential health information. To make this exchange safe and secure, it is necessary to adopt the HIPAA security standard when selecting an email service provider.

The prime objective is to select an email service that safely carries the patient's health information across the Internet. Safe transit and storage are basic requirements of the HIPAA security standard. The essential features an email service should have are:

  • The email service should meet or exceed the HIPAA standards.
  • It should be able to encrypt and decrypt the health data transmitted. This protects confidential health information from unauthorized access as it passes through the public network. Because emails are stored on servers while in transit, the chance of unwanted interception increases considerably, and encryption provides the best defense.
  • The service should have a secure backup plan to safely recover the data in case of a natural or man-made calamity.
  • It should provide unlimited document or email transfer while protecting data integrity.
  • It should have a built-in security feature that automatically logs the user off after a period of inactivity.
  • Person or entity authentication is required, as it confirms the identity of the person or entity that accesses the personal health information, an important requirement of the HIPAA security standard.
  • The software used should be user friendly, and no third party should be involved in any form. The email service should have security provisions that prevent unauthorized exchange of information with third parties.
  • The service should have a security feature that reports to auditors the time, place and IP numbers through which protected health information has been accessed. This helps the auditor keep track of the health information and ensure that it is accessed only by authorized people and that its safety has not been compromised at any stage of storage or transmission.
  • It should assign a unique tracking number or username, protected by a strong password, to control access to patient health information in a safe and secure manner.

The main objective of adopting the HIPAA security standard when selecting an email service is to prevent patient identity theft and protect people from financial loss due to insurance fraud.

A secure email service ensures safe passage of health information through the internet.

Jason Gaya

Read more on computer network security in healthcare at www.empowerbpo.com

HIPAA Compliance: Using Encryption for Safe and Secure Management of Patient Health Information

The rapid rise in the use of computer networks to process, store and exchange patient health information has made it easy for health providers to speed up their services and improve their quality standards. The seamless connectivity the Internet provides makes it easy for patients to access their medical information and process it at their own convenience, without wasting time.

But there are risks associated with the electronic exchange of protected health information. Once the information is transmitted out of a private domain, such as a laboratory, hospital, clinic, insurance provider, billing service or patient's network, into the public network, it becomes vulnerable to theft and unauthorized interception.

To prevent the loss of crucial patient health data it is necessary to adopt the right encryption procedure before the sensitive data is sent to the receiver over the Internet. The purpose of encryption is to assure the sender that the information is sent to the receiver in a foolproof manner and reaches the receiver safely, without any interception during its journey.

To achieve HIPAA compliance it is necessary to maintain complete secrecy of the information, whether it is stored, processed or exchanged between two or more different health entities. Any lapse can invite strict regulatory fines and convictions. Hence it is necessary to protect the information as it travels over the Internet between sender and receiver by adopting the right encryption procedure. This can be done by adopting Secure Socket Layer (SSL) technology, which uses both symmetric and asymmetric forms of encryption.

The patient health information is enciphered into a meaningless text, which is of no use to anybody who steals it. The receiver converts it back into its original form with the help of a secret key provided by the sender. In this way the information routed is safe and secure and there is no possibility of identity theft, which is in line with HIPAA compliance.

Encryption ensures safe passage of confidential health information through the public network.

Jason Gaya

Read more on HIPAA compliance at www.empowerbpo.com

OSHA Compliance: Protects Workers from Mesothelioma

Asbestosis, or mesothelioma, is a highly dangerous disease that causes cancerous growth in the lungs of victims exposed to asbestos dust. Asbestos has some useful properties, like hardness and heat resistance, which make it very useful to the automotive, insulation and construction industries. But at the same time it is highly hazardous to human life because of its fine fibrous strands, which can easily find their way into the human body through the nose and mouth. The fine dust settles in the lung cavity and slowly gives rise to lung cancer, known as mesothelioma, which has very high mortality rates.

Exposure Classification

To fight this growing malaise, the Department of Labor enforces strict OSHA compliance norms that regulate workers in industries that use asbestos. OSHA classifies exposure into four broad classes, depending on the degree of exposure:

  • Class I: The most hazardous class of asbestos exposure; it covers workers who remove insulation and asbestos that has been sprayed onto surfaces.
  • Class II: Covers workers who remove asbestos floor tiles and ceilings.
  • Class III: Regulates repair and maintenance crews who work with asbestos-related products.
  • Class IV: Regulates workers who clear asbestos waste and debris.

Safety Regulations:

OSHA has framed safety regulations to protect workers from asbestos exposure. The aim is to reduce or eliminate the health hazards that asbestos inhalation poses to human life. Some important rules that must be followed to achieve OSHA compliance in asbestos protection are mentioned below:

  • The permissible asbestos exposure limit should not be more than 0.1 airborne asbestos fiber per cubic centimeter over an 8-hour shift.
  • Protective clothing and masks should be provided to workers to protect them from the lethal effects of asbestos exposure. OSHA-approved High Efficiency Particulate Air (HEPA) filters should be used because they can trap 99.97 percent of particles of 0.3 micrometer diameter.
  • Vacuums should be used to clean up asbestos dust; the use of compressed air is prohibited.
  • A licensed contractor should be hired to clean up asbestos-contaminated areas because this considerably reduces the risk of contamination.
  • The employer should educate workers on the risks of exposure and train them to work in a safe and secure manner.
  • Contaminated areas should be clearly marked with warning signs so that workers are aware of the danger zones in the facility.
  • Special decontamination areas should be set up in the facility so that workers can safely remove contaminated clothing and safety gear without inhaling the dust.
  • Workers' contaminated belongings should be disposed of in a safe container marked with an asbestos hazard warning.
  • Thorough medical examination of workers is necessary, and the employer should keep all records for thirty years, as mesothelioma takes many years to show its symptoms in the victims.

The objective of OSHA is to create awareness about asbestosis and to train workers and employers to adopt safety standards that minimize or eliminate exposure to this disease. Proper OSHA compliance ensures protection from exposure to carcinogenic asbestos fiber.

OSHA strives to reduce or eliminate asbestos exposure by framing and enforcing various safety regulations.

Jason Gaya

HIPAA Security Compliance: Protects Confidential Patient Health Information

The stringent HIPAA security compliance norms make it mandatory for all entities, like hospitals, insurance providers, payers, billing services, insurance plans and medical personnel, to strictly adhere to the laws relating to the safe transfer and storage of confidential patient health information. To achieve HIPAA security compliance it is necessary to implement a few steps, categorized below:

Establish Physical Safeguards:

Computer networks play a crucial role in the processing, storage and exchange of patients' health records between different health care entities. Physical access to crucial information can be safely managed by following these steps:

  • Creating and implementing a policy that authorizes only a limited number of trusted people to access confidential patient health data.
  • Installing workstations and computers in safe areas of the facility that are accessed only by authorized personnel. Devices like computers, fax machines, printers and copiers should be placed so that unwanted people cannot view the data on them.
  • All computer programs should be protected by passwords and user IDs to prevent unauthorized access. Passwords should be securely managed so that unwanted people cannot obtain them.
  • A security system should be in place that manages passwords efficiently and guarantees the safety of patient health information when staff members change positions or leave the organization.
  • All storage devices, backup tapes and computer equipment should be accounted for by maintaining a proper log book that keeps track of them.
  • All paper documents that contain critical information but are not needed in the office should be shredded so that nobody else can lay hands on them.

Enhance Computer Network Security

It is necessary to maintain a proper record of the hardware and software employed in the facility and to understand their role in safely processing patient health information. A risk analysis should be done by creating a flow diagram of the work process so that loopholes in the system can be identified and removed. The computer network should be protected from virus attacks and hacking by adopting the security measures mentioned below:

  • Appropriate gateway security, with the capacity to deeply inspect web content and filter out unwanted elements like debilitating software and viruses, should be in place.
  • Antivirus solutions, digital signatures and firewalls should be in place to negate any debilitating online threat.
  • A proper encryption procedure should be followed when sending crucial health data from the organization's network to the public network. The information should be strongly encrypted to protect it from unauthorized access or interception.
  • The network security system should continuously monitor the network for any suspicious activity that indicates an unexplained deviation from standard procedure, and raise an alarm.

Educate Staff on HIPAA Security Compliance

A well-trained staff forms the backbone of a successful organization. It is of utmost importance for an organization to increase awareness about the importance of safely handling patient health information. This protects the healthcare facility from lawsuits due to non-compliance with HIPAA norms by one or more employees. The organization should:

  • Provide staff access to HIPAA compliance training courses and seminars to increase awareness of the importance of compliance norms.
  • Provide training in password management and virus protection.
  • Train staff on how to efficiently maintain logs and audits.
  • Carry out periodic reviews of employees' HIPAA security compliance and update their training to hone their skills in safely managing patient health information.
  • Provide training on operating the backup system according to the contingency plan in case of a natural or man-made disaster, with the aim of protecting the health data and keeping crucial operations running.

Hence, for an organization to achieve the requisite HIPAA security compliance, it is necessary to smoothly integrate software, hardware and personnel so that all of them work cohesively, ably guided by an administration that continuously monitors, provides feedback and puts safeguards in place to ensure safe handling of the patient's crucial health information.

HIPAA security compliance ensures safe processing of patient health information.

Jason Gaya

Read more on HIPAA security compliance at www.empowerbpo.com

Enhancing Computer Network Security to Achieve HIPAA Compliance

Secure computer networks are an intrinsic part of the HIPAA strategy to completely convert the nation's patient health records into an electronic format that can be easily exchanged between different agencies like health care providers, insurance providers and administrators. As a result, health care organizations can manage the documentation process efficiently in minimal time and provide better service to patients. But present-day computer systems are prone to hacking and virus attacks, which steal or destroy crucial data. To protect patient health information there are network security rules that need to be followed for the organization to achieve HIPAA compliance.

There are two main sections of HIPAA that relate to computer network security:

Administrative Safeguards:

To achieve HIPAA compliance, it is necessary for the provider to identify, guard against and report malicious software in the system. Infected emails carry worms, viruses and Trojans, and there should be a security system in place that checks for such unwanted entry. To manage computer networks smoothly, it is necessary to maintain vigilance by installing the special safeguards mentioned below:

  • Gateway and desktop anti-virus products should be used.
  • The security gateway should be able to carry out deep packet inspection and provide appropriate web filtering capabilities to the network.
  • Signature files that update every 30 minutes should be used, as they are the best form of defense against fast-moving worms.
  • All security services and subsystems should be proactive, with an IPS (Intrusion Prevention System) instead of an IDS (Intrusion Detection System). This is necessary to protect the network from being infected with viruses.
  • The installed firewall should provide protection against the top 50 well-known DoS and DDoS attacks. The installed security system should register the number of times attacks have been made and counter them effectively.

Security Safeguards:

For a computer network to attain HIPAA compliance, the organization must frame a security policy that makes it mandatory that only authorized personnel or software programs have access rights to protected health information.

  • The security device should support native forms of authentication. For web-related applications, transparent authentication should be used so that a user who moves between different secure applications does not have to re-enter his or her username and password on every jump.
  • The security system should support email content filtering with keyword and regular expression matching.
  • To prevent unauthorized access to or interception of patient health information while it is in transit between sender and receiver, proper encryption techniques should be used. PHI should be transported to the public network in strongly encrypted form and received by authenticated users who hold the requisite deciphering codes.
  • The security system should continuously monitor for any unwanted or suspicious deviation from standard procedure and report anomalous activity immediately to the IT manager.
  • Special security features like an email content filtering application and digital signatures should be added to the system to prohibit dispatch of protected data to unverified receivers.

In the end it is necessary for all the entities involved in the health care system, like health service providers, insurance companies, transcription service providers, payers, labs, Internet service providers, hospitals and billing services, to build a chain of trust so that any patient health information routed between them is kept highly confidential. This can be done through a network of computer systems that strictly adhere to HIPAA compliance norms to facilitate safe and secure transmission of confidential health information over the public network.

A highly secure computer network is essential for the exchange and storage of patient health information as per HIPAA norms.

Jason Gaya

Read more about HIPAA compliance at www.empowerbpo.com

JCAHO: Ensuring the Highest Patient Safety Standards

JCAHO stands for Joint Commission on Accreditation of Healthcare Organizations and is a non-profit, non-government organization that accredits hospitals and healthcare organizations. The commission has health care surveyors who visit hospitals and healthcare facilities to check compliance with the healthcare norms framed by the Joint Commission.

Patient safety is one of the priorities of the Joint Commission, and it has framed safety policies for hospitals and healthcare facilities so that deaths due to human error are completely eliminated. Keeping in mind the safety of patients undergoing treatment at various facilities, JCAHO has set standards that must be implemented by hospitals. At the same time, the organization evaluates its own standards with the aim of making them even better by setting higher goals. The purpose is to maintain a high level of patient care and remove existing deficiencies in the healthcare system. To do this effectively the Joint Commission adopts the following policies:

Reporting Sentinel Events:

The term sentinel event is used for an unexpected event, like death or loss of limb or function, due to some unattended risk on the healthcare premises. It is mandatory for healthcare facilities and hospitals to report such events so that a root cause analysis can be done with the aim of learning the true reasons behind them. Appropriate countermeasures can then be taken to prevent recurrence in the future. To spread awareness about sentinel events the Joint Commission performs the following duties:

  • Provides aggregate data and analysis of sentinel events on its website.
  • Provides information on errors and their frequency.
  • Sheds light on outcomes and methods of review.

National Patient Safety Goals:

Every year the organization reviews the safety requirements of patients so that they can be treated in a safe environment without being exposed to the risks associated with the treatment process and healthcare premises. While creating the goals for the coming year, some existing goals are dropped and replaced with new emerging priorities. This approach provides the flexibility to find effective solutions for emerging patient safety problems. For the year 2010, new sets of goals are framed for:

  • Ambulatory Health Care
  • Behavioral Health Care
  • Critical Access Hospital
  • Home Care
  • Hospital
  • Laboratory
  • Long Term Care
  • Office-Based Surgery

Creating an Environment of Care:

The JCAHO patient care initiative makes it necessary for hospitals to implement a caring environment for patients by establishing proper communication procedures to prevent adverse effects on health care workers, patients and visitors. Implementing a proper information collection and evaluation system makes it easy to avoid adverse and unexpected events, like patient falls or other injuries, during the intervention and improvement phases of treatment.

Recommending Risk Reduction Strategies:

The Joint Commission recommends certain risk reduction strategies to health care facilities. It is not necessary to follow all of them; rather, facilities should analyze which practices are most suitable for their organization and adopt those. Below are the most likely risk reduction steps recommended by JCAHO, which are also reflected in the sentinel event alerts on its website.

  • Eliminate wrong-site surgery.
  • Manage high-alert medications.
  • Eliminate the use of inappropriate patient restraints.
  • Eliminate intravenous infusion pump errors.
  • Reduce the risk of fatal falls.
  • Reduce the risk of adverse transfusion events.
  • Reduce pre- and post-operative complications.
  • Reduce inpatient suicide.
  • Reduce infant abduction.

Thus JCAHO strives to improve patient safety during treatment by issuing guidelines to hospitals on the safe practices they should adopt, and it reviews their working on a timely basis. Once compliance is confirmed, the Joint Commission issues an accreditation certificate to the health care facility concerned.

JCAHO strives to create a safer environment for patients in hospitals.

Jason Gaya

Read more on JCAHO at http://www.empowerbpo.com