HIPAA.

What is e-MDs Doing to Help?

Implementation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has caused a lot of anxiety among covered entities. While there are some parts of the act that should benefit physicians and their staff, other parts will require radical changes to office policies and procedures for the benefit of patients.

The HIPAA compliance officer required in each entity will not have an easy job, especially when records are maintained with paper-based systems. Last-minute modifications to the rules have eased the burden on physicians somewhat, but without a computerized system it will be extremely difficult to maintain the required levels of privacy.

Administrative Simplification Compliance Act

There are two parts to HIPAA. The first part deals with the Administrative Simplification Compliance Act (ASCA). This part of the Act is seen as a benefit to all covered entities (including physicians' offices, clinics, etc.). Simplification and consolidation of data and transmission standards will significantly reduce the aggravation of dealing with the different formats currently used by payors, including their own twists on so-called "national standards". The following items are already in the e-MDs Solution Series applications to achieve compliance with ASCA:

  • ANSI X12 835 (004010X091A1) Health Care Claim: Payment/Advice
  • ANSI X12 837 (004010X099 A1) Health Care Claim: Professional

Medical Privacy Rule

The second part deals with the Medical Privacy Rule (OCR). The goal of OCR is to establish national standards that protect the privacy of Personal Health Information (PHI); it went into effect April 14th, 2003. This has been much more difficult to implement due to the impact on workflow patterns that are ingrained into practices. Simply considering the many areas in a practice where "casual views" of patient data are possible (sign-in sheets, computer screens, reports, schedules, etc.), and knowing that this is just one step in compliance, gives one an idea of the enormity of the task. Computers, particularly an integrated EMR system, are one of the keys to achieving this compliance, and e-MDs Solution Series is being developed with this in mind. Features that help healthcare providers comply with OCR include:

  • Automatic timeouts suspend use of the applications when there is no activity for a certain time period. The timeout protects against casual views of patient data, and also improves the accuracy of audit trails. Re-activation of each application requires an authorized username/password combination to be entered at the workstation.
  • Role-based security determines who can access the system, and which features of the system the members of each group may use.
  • The scheduler has an option to show only initials instead of patient names. This is a view of data that is commonly left open on many terminals.
  • Audit trails constantly track user activity by type. Importantly, the audit trails are perpetual, not just the last activity on an account.
  • Consent master forms can be stored in the e-MDs DocMan master documents folder for easy access. Once filled out and signed by patients, a scanned copy can be kept in the specific patient file. This is one of the rules that was relaxed slightly, so that consent would not be required for every visit. This would also apply to those covered entities that perform various marketing activities requiring an individual's consent.

The Final Burden is on the Healthcare Provider

Ultimately, the obligation for HIPAA compliance is on the healthcare provider. It is your responsibility to see that all systems, including your EMR and Practice Management System, are functioning within HIPAA guidelines. We are dedicated to helping you with this task by creating software tools that make HIPAA compliance easier for you.