A Single Solution — Cost Savings and Compliance
Thought HIPAA compliance would cost you an arm and a leg? It doesn’t have to. There are scalable solutions that will convert your paper-based records to electronic files, store those files in an ultra-secure system and allow you to control the distribution of protected information, thereby ensuring the security and confidentiality of your sensitive information.
The Impact of HIPAA
When Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996, it set forth various provisions for the privacy of protected health information (PHI) during diagnosis, treatment and billing for medical issues. As a result of this regulation, the U.S. Department of Health and Human Services (HHS) issued the “Privacy Rule” to guide healthcare providers through the implementation of HIPAA-compliant processes and procedures, and the “Security Rule,” which extends those protections to electronic information.
First Consulting Group, in a study prepared for the American Hospital Association, estimates that the healthcare industry will spend up to $22.5 billion on electronic document and content management solutions between 2001-2005. As clarifications continue to emerge regarding HIPAA, the HHS Privacy Rule and the HHS Security Rule, experts expect that spending will continue to increase.
ARMA International has stated, “Most healthcare organizations must comply with HIPAA’s Privacy Rule by April 14, 2003, but many other organizations—including a large number of employers—also will be affected by this rule. In fact, HIPAA’s Privacy Rule will impact, at least indirectly, all organizations in some way.” Whether through increased security on electronic transmission of health-related information (Security Rule compliance is required by April 21, 2005) or policy changes affecting how information is processed, organizations that deal with protected health information in any form, will be impacted by HIPAA.
In addition to protecting confidential patient information, the Privacy Rule was designed to encourage adoption of secure, effective electronic document and content management practices in the healthcare industry. As these systems are implemented, healthcare providers will realize tremendous benefits including all of the following:
- Reduced costs associated with filing, storing and retrieving patient information;
- Improved efficiency, as documents can be automatically routed through any organizational process including admissions, billing, collections and interactions with insurance providers;
- Enhanced security with electronic audit tracking—no more paper documents which are susceptible to misplacement and loss;
- Protected patient privacy resulting in improved patient confidence;
- Speedier “Explanation of Benefits” (EOB) and collections processes through real-time access to electronic records and information, providing significant improvement in cash flow through reduced days payable; and
- Avoiding fines and litigation associated with noncompliance.
In addition to the benefits that come from HIPAA compliance, the healthcare provider can realize tremendous cost savings, streamline organizational processes, and improve document security and storage through the use of an effective document and content management system. Clearly, there is tremendous motivation to adopt document and content management, and the pressure is on as the April 2005 deadline looms. In fact, AHANews indicates that improving security to comply with HIPAA is one of healthcare organization CIOs’ top two priorities in 2004. (“CIOs rate security, patient safety as top priorities for ’04, HIMSS survey finds,” Feb. 23, 2004.)
Selecting the Best Solution
With all of this potential, healthcare providers must take care in selecting the best electronic document and content management solution for their organization. Five key areas of concern include disclosure tracking, protected disclosure, de-identification of protected information, patient disclosure authorizations and generally protecting the security and privacy of personally identifiable electronic health information as it routes through the processes of diagnosing, treating, reporting and billing individuals for health-related issues.
Disclosure tracking—HIPAA regulations require that the healthcare provider track disclosures of personally identifiable health information to any internal or third party. This includes doctors, insurance providers, billing and claims processing and all other entities that might have reason to view the information.
Protected disclosure—The Privacy Rule allows for certain types of disclosures that do not require authorization from the patient. These include: (1) to the individual; (2) treatment, payment and healthcare operations; (3) disclosures with the opportunity to object; (4) incidental use; (5) public interest and benefit activities; and (6) release of a limited data set. There is specific information that must be captured for each disclosure, and, in some situations, only a subset of the patient’s record may be disclosed.
De-identification—There are no restrictions on the use of de-identified health information, and much of this type of information is used by the government, researchers and health organizations in compiling statistics. De-identification requires the user to strip all personally identifiable information (i.e., patient name, identity number, address, etc.) from the health document before it is passed on.
Patient authorization—A healthcare provider may not disclose protected health information (PHI) outside the scope of the HIPAA regulations without written authorization from the patient. This authorization must be obtained, recorded and then maintained for a period of at least six years. In general, authorizations should be specific as to the information being disclosed, the person disclosing and receiving the information, expiration, etc., so a separate authorization is often required for each disclosure.
Security—The Security Rule portion of the HIPAA regulations applies to the transmission of electronic protected health information (EPHI). The healthcare provider is to ensure the confidentiality, integrity and availability of all EPHI the covered entity creates, receives, maintains or transmits.
Christina Robbins is the Marketing Program Manager for Digitech Systems. She has a diverse background in software
development and telecommunications, and joined Digitech in January 2004. Christina develops marketing and communications programs designed to strengthen the effectiveness of Digitech’s reseller base.
Digitech’s Solution for HIPAA-Enabling Functionality
PaperVision Enterprise and ImageSilo are flexible document and content management solutions that will significantly assist any healthcare organization in attaining HIPAA compliance. With their powerful feature sets, PaperVision and ImageSilo address the specific concerns brought to the forefront by the Privacy Rule changes in the healthcare industry. The table matches key features and benefits provided by PaperVision Enterprise and ImageSilo with the specific HIPAA concerns they help to address.
HIPPA Concern: Disclosure Tracking
PaperVision Enterprise/Image Silo Feature: Enhanced Auditing
Advantage/Benefit: Force user to track critical information about every disclosure including a general purpose disclosure reason.
HIPPA Concern: Disclosure Tracking
PaperVision Enterprise/Image Silo Feature: Manual Disclosures
Advantage/Benefit: Patient data released during a phone call or in office consultation can be tracked quickly and easily
HIPPA Concern: Disclosure Tracking
PaperVision Enterprise/Image Silo Feature: Document Grants
Advantage/Benefit: Documents can be posted to a secure, web-accessible location combined with password security for disclosure to out-of-office parties.
HIPPA Concern: Protected Disclosure
PaperVision Enterprise/Image Silo Feature: E-mail Auditing
Advantage/Benefit: E-mails sent from the system are recorded in the system reports and the system can be configured to force a disclosure reason to be entered prior to sending the e-mail.
HIPPA Concern: Protected Disclosure
PaperVision Enterprise/Image Silo Feature: WorkFlow
Advantage/Benefit: Can restrict security levels to allow individuals to see only the portions of a patient’s information that they need to perform their function.
HIPPA Concern: Protected Disclosure
PaperVision Enterprise/Image Silo Feature: Document-level Security
Advantage/Benefit: Specific records can be filtered for viewing by specific individuals only.
HIPPA Concern: De-identification
PaperVision Enterprise/Image Silo Feature:Redaction
Advantage/Benefit: User-level settings control whether or not a user can turn off redactions to reveal PHI.
HIPPA Concern: De-identification
PaperVision Enterprise/Image Silo Feature: Redaction
Advantage/Benefit: Set redaction colors and styles so de-identified portions of a document blend seamlessly into the background.
HIPPA Concern: De-identification
PaperVision Enterprise/Image Silo Feature: WYSIWG E-mail and Printing
Advantage/Benefit: Redactions remain in place when e-mailing and printing
HIPPA Concern: Patient Authorizations
PaperVision Enterprise/Image Silo Feature: Imaging and Retrieval
Advantage/Benefit: Scan and store every copy of a patient’s disclosure authorization form in a readily accessible format from any location, anytime, anywhere.
HIPPA Concern:Security
PaperVision Enterprise/Image Silo Feature:Systems Operations/Queries and Utilization Reports
Advantage/Benefit: Tracks each activity performed by any user accessing the system. See this information displayed by user or by date/time.
HIPPA Concern:Security
PaperVision Enterprise/Image Silo Feature:Systems Operations/Queries
Advantage/Benefit: Tracks not only activities successfully completed by the user, but all activities they tried to perform such as looking up a patient record. Allows the administrator to audit individual user activity for anything that is suspicious.
HIPPA Concern:Security
PaperVision Enterprise/Image Silo Feature: User-level Security
Advantage/Benefit: Set up user accounts to restrict the functions users have access to, such as email,
printing, or annotations.
HIPPA Concern:Security
PaperVision Enterprise/Image Silo Feature: Document-level Security Audits
Advantage/Benefit: Perform security audits for individual documents. Provide a full listing of every access to and operation performed on the document.
HIPPA Concern:Security
PaperVision Enterprise/Image Silo Feature: Back-end Patient Data
Advantage/Benefit: Secure, airtight document storage can easily be configured to allow access to the database and electronic document storage only through 128-bit encrypted caching technologies,
so your database and document storage are never fully exposed to an end-user.
In addressing the Security Rule, both systems provide tools that protect personally identifiable health information during electronic transmissions. These include e-mail and document grants which speed up the exchange of healthcare information while ensuring the security and privacy of the document. For example, a doctor’s office can e-mail an insurance company using a “document grant,” which would contain a URL web link to a specific document, with a pre-determined automatic expiration date and password. Since all online document distribution takes place over secure 128 bit encrypted (SSL) technology, full HIPAA compliance is achieved while also enabling fast, secure and effective communication with the insurance company.
Feature-Rich Document Management
In addition to these HIPAA-specific features, PaperVision Enterprise and ImageSilo are robust, scalable, feature-rich document and content management systems that will simplify document management needs in any organization while saving them money. In addition to traditional, scanned paper documents, the system can automatically import electronic files from an identified directory through the Directory Manager component. These files are then available for retrieval using all of the features and functionality of the full document and content management system, and can even be opened in their native file format for editing. Powerful search and retrieval capabilities allow a user to access any document in the system, from any workstation, at anytime. All types of standard business processes can be automated using the optional workflow component. Processes are easy to set up using the graphical interface, and items will automatically appear on a user’s desktop. An Application Programming Interface (API) toolkit, included at no extra cost, allows the system to easily integrate with other business-critical systems already in place. Additionally, the basic system can be deployed in a matter of hours—not days or weeks like many other electronic document and content management systems. PaperVision Enterprise and ImageSilo not only enable HIPAA compliance, but also save healthcare organizations time and money.
Digitech Systems, Inc. is a recognized leader in the development of software and services in the document and content management industry. We are committed to bringing the prospect of any document, anywhere, anytime™ to an affordable reality. Digitech Systems, Inc. is headquartered in suburban Denver, CO. The software products provide affordable document and content management to organizations of any size. Three primary products include PaperFlow™ for image capture, PaperVision Enterprise for document and content management, and ImageSilo for secure off-site electronic document and content storage and retrieval. The line can be purchased as a fully integrated suite, or as process-specific components. Ease-of-installation, extensive functionality, architectural flexibility, low price points and legendary toll free
customer and technical support distinguish Digitech in the marketplace. For more information, or to obtain a free software demo CD, visit Digitech Systems.