Healthcare compliances training and discussion blog

Archive for February, 2010

HIPAA Law: Ensuring Secure Transmission of Patient Health Information Through Fax

A fax machine is a great asset that organizations count on to quickly send and receive information. It plays a significant role in managing the communication needs of the office. But with the arrival of the HIPAA law, it is mandatory for covered entities and their business associates to install HIPAA compliant faxing systems so that the protected health information of patients is not leaked or exposed to unauthorized people during transmission.

As non-compliance with the HIPAA law can invite penalties and criminal prosecution, it is necessary to put in place a few safeguards that make the daily use of the fax machine safe and secure.

  • Fax systems that support email encryption should be installed. The protected health information should be encrypted before it is faxed. This protects the information from unauthorized access, because only the receiver has the key to decrypt the message back into its original form.
  • The fax machine should be configured in such a way that no copies of received faxes are saved.
  • The fax machine should have an inbuilt copying system that can print as many copies as needed. This eliminates the need for an external document copier, such as a Photostat machine, and prevents exposure of confidential patient health information to unauthorized persons.
  • The fax machine should be placed in a secure location and accessed only by authorized personnel. On receipt of a fax, the message should be delivered straightaway to the intended recipient.
  • Fax numbers that are used regularly should be properly saved, and the speed dialing option should be used to prevent misdialing.
  • There should be a sound policy in place that efficiently manages the storage, duplication and disposal of faxed protected health information, as per the HIPAA law. The policy should also effectively address wrong delivery of PHI.
  • Before faxing to a new recipient, the number should be checked by sending a test message. This ensures that crucial PHI is dispatched only to the intended receiver.

The fax machine is an integral part of the office communication system. Covered entities like clinics, hospitals, clearing houses, insurance companies and other health providers depend on it for their daily communication needs. With the advent of the HIPAA law, the fax machine should be installed and used in a very secure manner.

A HIPAA compliant fax machine should be used, with special encryption features that allow the sender to encrypt the protected health information and send it as an email over the internet. The PHI is encrypted into a sequence of codes and transmitted to the receiver's fax machine, which is also connected to the internet. The receiver has a key that decodes the encrypted email and prints the information in its original form. Thus the message is faxed safely and securely over the internet. These precautions help health organizations store and exchange the protected health information of patients as per the HIPAA law.

HIPAA compliant Fax helps in quick and safe transfer of patient health information.

Jason Gaya


Twitter – Tweeting the HIPAA Way

The increased use of social media, especially Twitter, is a cause for concern for many people, keeping in mind the strict HIPAA compliance norms pertaining to patient health information. Twitter is turning out to be the most favored communication tool for healthcare professionals who want to maintain quick and easy connectivity with their patients. The increased use of social media in healthcare settings points to the strategy of healthcare organizations to advertise their services, especially through Twitter, because of the vast reach it provides. To cut advertising costs in the face of increased competition and economic downturn, healthcare professionals and organizations find Twitter a cheap and effective advertising medium.

Some surgeons tweet from operating rooms to the relatives of the patient to keep them updated on the patient's condition. From a marketing perspective, this might be a good way to attract more patients to the hospital by advertising a service that reflects the customer-centric policy of the organization.

But Twitter in healthcare settings is fraught with dangers. The HIPAA norms make it mandatory for all covered entities, like hospitals, health insurance providers, billing services and other health providers, along with their business associates, to ensure complete protection of the patient health information that they store, process and exchange between themselves. Irresponsible use of Twitter might result in leakage of sensitive patient health information and invite heavy fines and criminal convictions, which can ruin the careers of medical personnel and tarnish the image and business prospects of healthcare organizations.

Use of Twitter from the operating room should be discouraged, as it might affect the electronic signals of the machines installed in the room. Further, wrong or premature information tweeted from the room can damage the reputation of the organization. Any tweet that leaks the identity of the patient or patient information will surely invite legal trouble for the personnel and the organization.

It is necessary to regulate the use of Twitter through a well-managed healthcare social media policy. Vigilance should be maintained over what is being tweeted from the organization, and all medical personnel should be made aware of the regulations pertaining to the right use of Twitter. Tweeting rights should be given to authorized and reliable personnel. They should be made aware of the legal and financial implications of any lapse that results in unauthorized display of confidential patient health information, knowingly or unknowingly.

Increased awareness, collective and individual accountability, a sound social media management policy and sharp vigilance can make it easy for healthcare organizations to use Twitter safely, without leaking patient health information, as per HIPAA laws.

Twitter and HIPAA can co-exist with each other.

Jason Gaya


Employing E-learning to Achieve HIPAA Compliance

The busy schedule at the workplace makes it difficult for healthcare professionals to attend training programs that educate them about the various HIPAA policies and standards. Many covered entities, like hospitals, multi-location clinics, health insurance companies and other health service providers, are strictly bound by the HIPAA compliance norms, and it is of the highest priority for them to train their workforce in HIPAA privacy and security standards. This responsibility also falls on business associates, like transcription companies, who provide support services to covered entities.

To educate employees about patient privacy regulations, the organization needs to arrange a training location, an instructor and course material, which are costly. Further, this type of arrangement makes it difficult for employees to schedule their training without compromising their daily workplace routine. As a result, the organization is likely to suffer production losses due to lost man-hours.

HIPAA online training courses offer a great opportunity for health organizations to train their staff in HIPAA compliance. The e-learning courses give healthcare workers great flexibility to schedule their online education at their convenience, without hurting their daily workplace routine. This means that the health service provider can maintain the desired productivity and at the same time achieve complete HIPAA compliance.

Any HIPAA violation that is committed, knowingly or unknowingly, by one or more employees and leaks confidential patient health information attracts severe penalties and convictions from regulatory authorities. To prevent such a situation, the healthcare service provider should train its staff members in the HIPAA privacy and security standards.

The online learning courses run on a Learning Management System and are user friendly. Employees can easily follow the course at their convenience and stay updated on their progress at the click of a button. On successful completion of the course, candidates are immediately awarded their certificates.

HIPAA compliance online training courses train the employees of covered entities and business associates so that safe management of confidential patient health information becomes an intrinsic part of their daily workplace schedule.

HIPAA online learning helps healthcare providers to train their employees easily.

Jason Gaya


Balancing Social Media with HIPAA

Social media is completely changing the way people communicate with each other. The online networking platform that social media provides has made it quite easy for people to converse, exchange ideas, share opinions and distribute information, and to shape mass opinion about an individual, product, policy, healthcare, education, etc. The list runs long.

An organized and credible healthcare system is crucial for the well-being of human society. Health insurance also falls under the purview of the healthcare system, and patient health information is of great significance. An insecure and compromised patient health information system can have severe implications for the health and financial condition of patients. HIPAA plays a pivotal role by enforcing strict regulations that provide complete protection to confidential patient health information. Covered entities like hospitals, clinics, billing and insurance companies, and their workforce, are governed by HIPAA compliance laws. Any lapse on their part can invite strict penalties and convictions.

Doctors, nurses, medics, paramedics, surgeons, etc. are nowadays using social media tools like Facebook, Twitter, Flickr, etc. to communicate with each other. Patients also use social media to search for the right physicians or surgeons who can address their specific healthcare needs. This is the positive aspect of social media in healthcare settings. Increased accessibility also gives patients the opportunity to share and improve their knowledge about a disease and its treatment. Word-of-mouth testimonials on social media benefit patients by providing them with reliable information that they can count on to successfully resolve their pending health issues.

But there are also some threats that social media poses to the privacy of patients. A lack of proper social media usage policies for healthcare workers, together with human lapses, can seriously put the integrity and confidentiality of patient health information at risk. The intentional or unintentional display of patient health information will surely invite strict penalties and convictions as per HIPAA regulations.

Instead of creating friction or conflict between HIPAA and social media through irresponsible use, healthcare organizations should administer a sound social media management policy, which ensures that no leakages occur and that whatever goes on the net is not detrimental to the healthcare rights of the patient. If the information somehow does manage to slip through, strict vigilance should ensure timely removal of the content from the net. The medical staff should be trained to handle social media in such a manner that both the organization and patients benefit through its constructive use.

Instead of opposing each other, social media and HIPAA must be harmonized in such a manner that the vast reach that social media provides is used to address healthcare issues more effectively, without compromising individual or collective healthcare privacy rights.

Social media and HIPAA can go hand in hand to provide great benefits to the healthcare system.

Jason Gaya


HIPAA Compliance in FTP Hosting

The HIPAA compliance laws make it mandatory for covered health entities, like hospitals, clinics, billing and insurance companies, and their business associates to use completely HIPAA compliant computer network systems. FTP, or File Transfer Protocol, also falls under this purview.

HIPAA covered health entities exchange large amounts of confidential patient health information. The business associates of the covered entities, like transcription companies, also come under the purview of the HIPAA compliance laws. For safe and secure transfer of large volumes of electronic patient health information through the public network, it is necessary to employ HIPAA compliant FTP. The file transfer protocol has two components, namely server and client. The FTP user gets a unique username and password through which he or she can easily upload or download electronic files from the FTP server.

HIPAA compliance rules make it necessary for the FTP servers of health organizations and insurance companies to adopt security measures so that the electronic health information of the patient is safely transferred from the sender to the intended receiver. HIPAA compliant servers have the following security features:

  • The FTP servers are protected by 128 SSL encryption technology. The file is loaded onto the server in an encrypted form and can be downloaded in its original form only by an authorized person or entity, through a unique key that the sender and the receiver share between them.
  • A HIPAA compliant server offers very secure and fast transfer of large volumes of digital data through a multi-threaded file transfer system. This is quite a bit faster than normal FTP transfer.
  • HIPAA compliance in the FTP server enables users to continue using their existing firewall service. The unique username and password protect the system from unauthorized intrusion.
  • HIPAA compliant servers are user friendly and make it easy to download and upload large files without any complications.
  • A special intrusion detection system provides foolproof security and thwarts any rogue entry into the system.

The encryption feature of the FTP server makes it impossible for an intruder to access the sensitive information, and this falls completely in line with the requirements of the HIPAA compliance norms.

HIPAA compliant FTP servers enable quick and safe transfer of large volumes of patient health information through the public network.

Jason Gaya


HIPAA Compliance in Wireless Local Area Network

The rapid growth of communication technology and the need for connectivity while mobile have resulted in the inclusion of Wireless Local Area Networks (WLANs) in the modern communication network. A WLAN provides the freedom to access, exchange, store and process information from any point in the network.

Because of wireless LAN, an increasing number of doctors, nurses, paramedics and caregivers can process patient data conveniently across large healthcare settings. The increased mobility it provides makes it easy for medical personnel to exchange information while on the move. This saves time, increases productivity and raises the quality of patient care.

But with this benefit of WLAN comes an underlying security threat, which can seriously compromise the ability of the healthcare facility to follow the HIPAA compliance laws pertaining to electronic exchange of confidential patient health information. The wired network, as it requires physical access, is safer than the wireless network. The open network architecture of the WLAN makes it easy for an unauthorized person to get behind the firewall and access the network. This poses a serious threat to the safety of the confidential patient health information that is stored, exchanged or processed by the network.

To achieve HIPAA compliance the WLAN should have security features that are mentioned below:

  • Unique user identification.
  • Emergency access procedure.
  • Automatic logoff.
  • An encryption and decryption system that creates a tamper-proof communication channel between the sender and the authenticated receiver.
  • The ability to authenticate electronic health information and maintain the integrity of the information.
  • The network should maintain its integrity through continuous monitoring and shut out any unauthorized access from any rogue entry point.
  • Clients associating with rogue entry points should be shut off from the network, unless they approach from an authorized access point.
  • Any change in the configuration of the access points that points to unauthorized access should be immediately brought to the notice of the IT manager through a proper communication channel.
  • The ability to maintain an audit log of the time, nature and resolution of the intrusion and the steps taken to avert it.
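
The monitoring, rogue entry point, configuration change and audit log items above can be tied together as in the following added example, which is not part of the original post. The access point inventory, scan results, client names and field names are constructed, and the code assumes that a rogue entry point is any BSSID outside the inventory that advertises the organization's SSID.

```python
from dataclasses import dataclass

# Constructed inventory of authorized access points (BSSIDs and SSID are made up).
AUTHORIZED_APS = {
    "02:00:00:aa:00:01": {"ssid": "clinic-ehr", "security": "WPA2-Enterprise"},
    "02:00:00:aa:00:02": {"ssid": "clinic-ehr", "security": "WPA2-Enterprise"},
}

# Constructed scan results and client association events, not real captures.
SCAN = [
    {"time": "2024-01-15T09:00:00Z", "bssid": "02:00:00:aa:00:01", "ssid": "clinic-ehr", "security": "WPA2-Enterprise"},
    {"time": "2024-01-15T09:00:05Z", "bssid": "02:00:00:aa:00:02", "ssid": "clinic-ehr", "security": "Open"},
    {"time": "2024-01-15T09:00:07Z", "bssid": "02:00:00:ff:00:09", "ssid": "clinic-ehr", "security": "Open"},
    {"time": "2024-01-15T09:00:08Z", "bssid": "02:00:00:bb:00:03", "ssid": "cafe-guest", "security": "Open"},
]
EVENTS = [
    {"time": "2024-01-15T09:01:00Z", "client": "laptop-17", "bssid": "02:00:00:ff:00:09"},
    {"time": "2024-01-15T09:01:30Z", "client": "tablet-04", "bssid": "02:00:00:aa:00:01"},
]

@dataclass(frozen=True)
class AuditEntry:
    time: str        # when the condition was observed
    nature: str      # rogue-ap, config-change or client-on-rogue-ap
    subject: str     # BSSID or client name
    resolution: str  # step taken or required

def review_scan(scan, inventory):
    """Flag rogue access points and configuration drift on authorized ones."""
    org_ssids = {ap["ssid"] for ap in inventory.values()}
    entries = []
    for obs in scan:
        bssid = obs["bssid"].lower()
        known = inventory.get(bssid)
        if known is None:
            # Unknown radio: only a concern if it advertises our SSID (assumption).
            if obs["ssid"] in org_ssids:
                entries.append(AuditEntry(obs["time"], "rogue-ap", bssid,
                                          "shut out; notify IT manager"))
            continue
        changes = [f"{k} changed from {known[k]} to {obs[k]}"
                   for k in ("ssid", "security") if obs[k] != known[k]]
        if changes:
            entries.append(AuditEntry(obs["time"], "config-change", bssid,
                                      "notify IT manager: " + "; ".join(changes)))
    return entries

def review_associations(events, inventory):
    """Flag managed clients that associated with a BSSID outside the inventory."""
    return [AuditEntry(ev["time"], "client-on-rogue-ap", ev["client"],
                       "shut off until it rejoins an authorized access point")
            for ev in events if ev["bssid"].lower() not in inventory]

def monitor(scan, events, inventory=AUTHORIZED_APS):
    """Build the audit log (time, nature, resolution) in chronological order."""
    entries = review_scan(scan, inventory) + review_associations(events, inventory)
    return sorted(entries, key=lambda e: e.time)

if __name__ == "__main__":
    for entry in monitor(SCAN, EVENTS):
        print(entry)
```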

In the end, the WLAN in any healthcare setting should be securely configured so that it is safe for the organization to store and exchange confidential patient health information in line with HIPAA compliance laws.

HIPAA compliance helps to secure the WLAN for safe exchange of patient health information.

Jason Gaya


Joint Commission: Ensuring Highest Pediatric Care Standards Through Safer Medication

Wrong drug administration or a drug mix-up can cause serious harm to the health of the patient. The risk increases manifold if the patient happens to be a child. A baby, kid or grown-up child is at high risk from wrong drug administration, and it is of utmost importance for the healthcare facility to follow the stringent Joint Commission laws specially created for this purpose.

Children at Higher Risk to Faulty Medication

When it comes to medication errors, children are at greater risk and face more harm to their health than adults, for the following reasons.

  • Drugs are generally formulated and concentrated with the needs of adult patients in mind. For pediatric patients, the drug dosage is altered to suit the needs of children, and this is where errors creep in.
  • Most healthcare settings are designed to handle adult patients and generally lack the pediatric handling capabilities to address the medical needs of children, exposing them to risks of drug complications.
  • As children cannot communicate effectively about the side effects of a drug, the medical staff does not get the feedback it can get from an adult patient. As a result, it becomes difficult to mitigate the side effects of wrong medication.
  • Lack of proper documentation and communication gaps during a change of shift, admission, discharge or transfer of the child patient from one hospital to another are another major cause of pediatric drug complications.

Employing Joint Commission Strategies

As the harm to children from faulty medication is more pronounced, the Joint Commission has several rules in place and at the same time suggests newer practices, with the sole objective of protecting children from drug complications.

  • The health facility should follow a standardized pediatric drug formulation policy and put stringent quality checks in place to ensure the right dosage concentration before the drug is administered to the patient.
  • The medical staff should be trained to administer oral medicines with oral syringes and thus prevent their administration through the venous route.
  • The medics should communicate effectively with the parents on how to maintain the same level of drug dosage after the child is discharged from the health facility, as a part of continued treatment and recovery.
  • To prevent mix-ups of dosage concentration, adult drugs should be kept separate from pediatric preparations. Further, wherever possible, commercially available pediatric-specific formulations should be used.
  • All pediatric patients should be weighed in kilograms, and the requisite dosage of the drug should be administered according to the weight.
  • Pediatric experts and pharmacists should be assigned to the child care unit to oversee the medication process and at the same time guide the medical staff on how to follow the requisite safety standards for pediatric care.
  • High-risk medications should be given in the minimum required dosage strength and frequency to protect the child from associated side effects.
  • Nurses, paramedics and pharmacists should be well trained in the use of specialized pediatric equipment.
  • The Joint Commission requires healthcare facilities to employ continuous monitoring of a child under sedation, through pulse oximetry, to prevent over-sedation and its fatal consequences.

In the end, the Joint Commission lays stress on building a proper communication channel between the caregivers or parents and the doctors or nurses, to ensure that all the information about the child's medication procedure is well understood by the parents. As a part of extended treatment at home, the parents should clearly understand the dosage concentration, timing, route of delivery and the side effects associated with the drugs. This will ensure that the child is protected from drug overdose or complications even when he or she is at home, recovering from the illness, after being discharged from the health facility.

Joint Commission regulations protect children from faulty medication.

Jason Gaya
