Healthcare compliances training and discussion blog

Archive for March, 2010

HIPAA Compliance – Signing a Business Contract with Vendor to Ensure Safe Disposal of Medical Records


HIPAA compliance makes it mandatory for covered entities such as healthcare clinics, doctors, clearing houses, health plan providers, hospitals and billing companies to take complete responsibility for the protection of patient health information. The HIPAA law makes them accountable for any lapse that results in unauthorized display of the protected information. Covered entities have business associates who provide a variety of services to them. The waste paper recycler is one such business associate, who takes care of waste paper disposal.

HIPAA compliance regulations put emphasis on the conversion of patient health records from paper to electronic format. For medical records which are still in paper format, covered entities need to develop an effective disposal strategy so that unneeded patient health information can be safely shredded or disposed of without exposing it. Because the covered entity is accountable for the protected health information, it is important that it signs a business contract with a professional and certified paper recycler or shredder. As per the contract, the vendor should perform the following tasks:

  • Provide complete details on how the waste paper will be safely disposed of.
  • Indicate the time taken for disposal. It should clearly state the time elapsed between collection and destruction.
  • Ensure availability of a specific sum of liability insurance, which provides risk coverage to the covered entity. This is because the covered entity is ultimately responsible for the privacy of patient health records.
  • Provide complete information on all the safeguards in the waste paper management plan, so that the covered entity can rest assured that there are no safety breaches from collection to disposal of the paper records.
  • Provide proof of record destruction, whether it is by shredding, paper recycling or burning.

The vendor is also responsible for patient health privacy. To develop long-term business relations with a covered entity, it is essential that the vendor practices safe disposal of medical records. The covered entity should get a written commitment in the form of a signed contract to ensure HIPAA compliance during waste paper disposal.

A signed agreement with a business associate protects the covered entity from penalties and prosecution.

Jason Gaya

Read more on HIPAA compliance at www.empowerbpo.com

HIPAA Compliance: Ensuring Safe Disposal of Patient Health Information Documents


The HIPAA compliance norms lay stress on the safe transaction and storage of patient health information, whether on paper or in electronic format. Patient health information stored as an electronic file on a computer and protected by a system of usernames and passwords is much safer than paper documents. As medical documents are being converted into electronic health records, it has become necessary to dispose of the paper records in a safe and secure manner.

The safe disposal of unneeded patient health documents is crucial because the health service provider is accountable for any breach during information processing, exchange, storage or disposal. Any paper disposal vendor or recycler who seeks to enter into a business alliance with a health service provider should employ waste paper management techniques that are in line with HIPAA compliance norms.

The covered entity and the vendor should work in tandem to chalk out a good strategy that ensures safe disposal of the paper documents. The following points should form the backbone of this joint strategy:

  • Health providers should train their staff to generate less paper waste. The organization should switch from paper documents to electronic information processing. This will greatly reduce waste paper generation at source. The facility should maintain a list of the staff members who are responsible for generation, storage and safe handing over of the waste paper documents to the vendor. This brings accountability into the system.
  • Paper should be discarded in locked bins and stored in safe areas of the facility, away from busy areas. Health providers can shred the documents in their own facility if they wish, but this requires additional labor and capital.
  • If a vendor is given the task of shredding or recycling the documents, the covered entity should enter into a binding agreement that ensures there is no lapse on the part of the vendor, from collection of the waste to its disposal in a shredding machine or recycling plant, because the health provider is ultimately accountable for any safety lapse.
  • The vendor can shred the documents on site or transport them to a bulk shredding center. It should provide a certificate of disposal so that the time, place and proof of safe disposal are available to the covered entity.

Thus a well-thought-out waste disposal scheme protects the covered entity from liability due to any breach in confidentiality of patient health information during its disposal.

Safe disposal of patient health documents protects the covered entity from penalties and criminal prosecution.

Jason Gaya

Read more on HIPAA compliance at www.empowerbpo.com

HIPAA Compliance: Selecting the Right Software


Covered entities such as hospitals, clearing houses, billing and coding companies, physicians, health insurance providers and multi-location clinics are bound by HIPAA compliance norms. It is essential that their business associates, such as medical transcription service providers, also follow HIPAA regulations while they process, exchange or store confidential patient health information.

The majority of health information is processed electronically. Covered entities and their business associates need to use software that processes patient health information as per HIPAA compliance norms. The software should have security features that protect the privacy of patient health information. It should have the following security features:

  • Track the user, whether a service provider or client, and maintain a complete record of the date, time and nature of access through a system of usernames and passwords. It should provide information on who accessed the data and what was viewed, updated or deleted.
  • Restrict user access to the required information only. It should allow the authorized user to view or process only the patient information that falls within the scope of his or her job. The user cannot access any other information that does not pertain to his or her work or department.
  • Provide an override function, which grants special access or emergency rights to a staff member in case of emergency so that patient health care is not compromised in any way. At the same time, the built-in messaging system should inform other users about such access, including the identity of the person and the information accessed. This is part of the security review associated with the override function and ensures accountability in the system through continued vigilance.
  • Provide anti-virus and firewall defense and a system of usernames and passwords to protect the health information system from viruses and hackers.
  • Support e-mail encryption, so that patient health information sent through mail is tamper-proof.
  • Support an internal messaging system, which updates the user about incoming or outgoing messages or other information without having to leave the security of the organizational network.
  • Provide an online patient authorization system, which grants health service providers the right to use patient health information for the good of the patient. The online authorization should have an expiration date and clearly indicate the purpose for which the patient health information will be used. The software should keep track of the expiration of authorizations, so that they can be revalidated as and when required by the patient and the health service provider.
  • Support coding and billing procedures so that patient health transactions can be easily conducted electronically between different health service providers as per HIPAA compliance norms.
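The access-tracking, scope restriction, emergency override and authorization-expiry features listed above can be sketched as follows. This is an added example, not code from any particular HIPAA product; the role names, record categories and the `RecordGate` and `needs_revalidation` helpers are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import date, datetime, timedelta, timezone

# Hypothetical role-to-scope map: which record categories each job role may touch.
ROLE_SCOPE = {
    "billing_clerk": {"billing"},
    "nurse": {"vitals", "medication"},
    "physician": {"vitals", "medication", "diagnosis"},
}

@dataclass
class RecordGate:
    audit_log: list = field(default_factory=list)      # who, when, what, outcome
    notifications: list = field(default_factory=list)  # override alerts for review

    def access(self, user, role, patient_id, category, action,
               emergency=False, reason=""):
        """Return True if access is granted; every attempt is audited."""
        in_scope = category in ROLE_SCOPE.get(role, set())
        # An override needs a stated reason; without one it is denied like
        # any other out-of-scope request.
        override = (not in_scope) and emergency and bool(reason.strip())
        granted = in_scope or override
        outcome = "override" if override else ("granted" if granted else "denied")
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "patient": patient_id,
            "category": category, "action": action,
            "outcome": outcome, "reason": reason,
        })
        if override:
            # Tell reviewers who used the override and what was accessed.
            self.notifications.append(
                f"OVERRIDE by {user} ({role}): {action} {category} "
                f"of patient {patient_id}; reason: {reason}")
        return granted

@dataclass
class Authorization:
    patient_id: str
    purpose: str
    expires: date

def needs_revalidation(auths, today, warn_days=30):
    """Authorizations already expired or expiring within warn_days."""
    cutoff = today + timedelta(days=warn_days)
    return [a for a in auths if a.expires <= cutoff]

if __name__ == "__main__":
    gate = RecordGate()  # the users and patient IDs below are constructed samples
    print(gate.access("alice", "billing_clerk", "P-001", "billing", "view"))
    print(gate.access("alice", "billing_clerk", "P-001", "diagnosis", "view"))
    print(gate.access("bob", "nurse", "P-001", "diagnosis", "view",
                      emergency=True, reason="ER admission, physician absent"))
    print(gate.notifications)
```

Denied attempts are written to the audit log as well, so a reviewer sees out-of-scope requests and not only successful reads.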

The main objective of HIPAA compliance software is to protect patient health information that is processed, exchanged or stored at various health entities. The software should facilitate the smooth flow of patient information through different networks in a secure way. The security features should thwart hostile access and, at the same time, not hinder authorized users such as providers or patients, so that the health of the patient is not compromised in any way.

HIPAA compliant software protects patient health information.

Jason Gaya

Read more on HIPAA compliance at www.empowerbpo.com

Telemedicine: Employing Security Features to Achieve HIPAA compliance


Telemedicine is a branch of modern medicine in which patient health information is exchanged over a great distance, through a series of local and wireless networks. The remote settings of the patients make the exchange of health information with health providers highly vulnerable to hostile intrusion.

The HIPAA compliance norms make it mandatory for all covered entities such as hospitals, clinics, clearinghouses, physicians, medical insurance companies and other health service providers to employ secure computer network systems that follow stringent security codes. Any failure in HIPAA compliance on the part of a health provider will surely invite strict regulatory action, in the form of heavy fines or criminal prosecution.

The nomadic or remote settings of the patients make it a challenging task for health providers to maintain the privacy of patient health information. A series of wireless and local area networks makes the system vulnerable to hackers. Further, a lack of proper vigilance at remote settings attracts hostile intrusion from both hackers and viruses. To fortify the telemedicine network against unauthorized access, health service providers should incorporate the following stringent security features in the network:

  • All email communications should be encrypted. The email content is encrypted into strings of code and transmitted over the network. At the receiving end, the coded message is assembled back into its original form with the help of a key. Even if someone manages to access it illegally during transmission, the coded message will make no sense to the hacker.
  • A facial recognition system helps service providers to clearly identify patients on the network, especially in the case of video conferencing.
  • A digital identity card is provided to remote patients after identity verification by the authorities. The encryption features and the digital signature of the patient in the card authenticate the user and allow them to access online health services.
  • Access to all point-of-service computers should be user authenticated, to ensure that only authorized personnel access the system.
  • The computer network should be protected by a firewall and should be constantly monitored to detect any intrusion. There should be an audit system that maintains a record of the time, frequency and nature of hostile attacks made on the network.

The security features in the network enable health service providers to provide quality healthcare services to remote patients in a safe and secure way. Patient health privacy is protected, and this is in line with HIPAA compliance norms. Telemedicine and EMR can safely deliver customized health solutions to remote communities.

Telemedicine is a boon for remote communities.

Jason Gaya

Read more on HIPAA compliance at www.empowerbpo.com

E-learning: Employing Learning Management System to Deliver Online Learning


At present, e-learning is rapidly gaining importance due to the many advantages that it offers compared to conventional education. The widespread use of the internet has made it easy for instructors to provide online education to students living far and wide. E-learning gives students the much-needed flexibility to access and follow courses without disrupting their daily routine. Anyone who is working, or who is not able to enroll in a training institute due to limitations of time and distance, benefits immensely from online learning.

Learning Management System

Keeping in mind the vast business potential that e-learning offers to course providers and the rich benefits that trainees or students can reap, it is necessary to create a platform that enables a smooth bidirectional flow of information between trainers and trainees. This is where a Learning Management System or LMS plays a crucial role. It is basically a collection of software tools that are programmed to facilitate a wide range of online teaching and learning activities.

Salient Features of LMS

The Learning Management System should help course trainers to easily manage the content through a proper storage, use and reuse mechanism. To develop an effective online content management system, it is necessary to host an LMS that has the following salient features:

  • Able to deliver online courses to targeted audience.
  • Manage online class transactions.
  • Track and manage online learning progress of students.
  • Able to access learning outcomes.
  • Report completion of learning tasks.
  • Manage student records.
  • Enable bi-directional flow of information between course providers and students, through an automated feedback system and help desk.
  • It should be SCORM compliant, as this feature allows sharing of content from different course providers on the same LMS.

The Learning Management System provides e-learning solutions that enable educational institutes and online course instructors to offer people high-quality online education. Rapid advances in telecommunication technology have also thrown up new challenges for LMS, and it is necessary to incorporate new features in it to provide even better online learning services through seamless and interactive connectivity between educators and students on a global scale.

A good Learning Management System is necessary to deliver online education.

Jason Gaya

Read more on e-learning solutions at www.empowerbpo.com

HIPAA 5010 – Graduating From HIPAA 4010 to Provide Better Health Insurance Service


The Health Insurance Portability and Accountability Act (HIPAA) of 1996 addresses healthcare issues such as patient health information protection, insurance portability and simplification of health insurance administration. The voluminous health insurance data involved makes the insurance administration process cumbersome. Covered entities such as physicians, hospitals, clinics, clearing houses and plan providers, and their business associates, need seamless connectivity to synchronize their transactions smoothly. This will reduce processing time, cut operating costs and increase the overall productivity of the system. As a result, patients can enjoy better, safer and cheaper health insurance service.

The complete conversion of paper records into electronic format is a time-consuming task. The real challenge lies in creating seamless connectivity between different health services so that patient health information is used safely to settle insurance claims, remittances and eligibility issues in a time-bound manner and to the complete satisfaction of the customers.

This is where HIPAA 5010 will take over from HIPAA 4010. HIPAA 5010 overcomes the shortcomings of HIPAA 4010 by adopting a well-defined policy that supports structural and technical changes to provide consistent and uniform content, creating a common platform for different health service providers. As a result, covered entities such as physicians, hospitals, payers, clearinghouses, dentists and pharmacies can easily share and process patient health information with minimal time and cost.

HIPAA 5010 addresses drawbacks in HIPAA 4010 by providing solutions to critical healthcare issues such as claims attachment, quality and cost of treatment, patient health records and safety, pay for performance and pay consumerism. The ICD-10 diagnostic and procedural codes, which are missing in HIPAA 4010, make HIPAA 5010 highly accurate and flexible for payers to capture more and better information about patients. This will enhance functional areas like:

  • Administration of Claims.
  • Management of contracts with health service providers.
  • Medical Management that includes referral and pre-authorization, disease and case management.
  • Assessment of Eligibility and Enrollment.
  • Customer service in handling the appeals and providing claim related support.

In the end, HIPAA 5010, with 1000 plus changes from its predecessor, will greatly help increase interoperability and portability between different health providers and their business associates. This will translate into huge savings in the operational costs of the national healthcare system and enable patients to receive better health insurance services at reduced prices, compared to what is available to them today.

HIPAA 5010 will integrate the healthcare insurance industry.

Jason Gaya

Read more on HIPAA at www.empowerbpo.com

HIPAA Law – Selecting the Right User Authentication System


The main objective of the HIPAA law is to streamline the health insurance system and provide continuous coverage to people who change or lose their jobs. To do this effectively, special emphasis is laid on the complete conversion of patient health records from paper to electronic format. This will make it convenient for covered health providers and their business associates to safely manage the voluminous patient health information in a cost-effective manner.

The HIPAA law advocates a very strong security policy, which guarantees the protection of confidential health information from unauthorized access on the net. Password-enabled access is the most common type of security system. But such a system is not reliable, as passwords can be easily hacked. Also, when there are many passwords to remember, it becomes very cumbersome for the user to remember all of them. The patient or user writes them down on paper, and this is an unsafe practice because if the paper falls into the wrong hands it can result in financial losses for the patient and the health service provider.

The smart card system provides a better option, as it works on a combination of a security card and a PIN. But there is a loophole in it. In case the smart card is lost or the PIN is cracked by a hacker, the secrecy of patient health information can be severely compromised. Further, smart card based authentication systems are costly, and hence expensive for small health providers to install.

A strong user authentication system, which provides an exceptionally strong defense against unauthorized access or intrusion, should be incorporated into computer networks. Biometric authentication offers the best available solution to health service providers, as it integrates unique characteristics of the patient or user, such as fingerprints, iris scans, voice prints, signatures and keystroke dynamics, with a user password to create a highly secure access system. As this technology uses costly equipment, health providers need to spend more compared to other available options.

Under the HIPAA law, all covered entities such as hospitals, clinics, clearing houses and other health service providers are responsible and accountable for the safety of patient health information. Hence it is necessary to put in place an impenetrable security wall, in the form of reliable user authentication, which successfully neutralizes any intrusion. This protects the health organization from non-compliance with the HIPAA law due to poor network security.

User authentication fortifies the computer network against unauthorized access.

Jason Gaya

Read more on HIPAA at www.empowerbpo.com