Radiology Plus-Getting Physical With HIPAA
By Julie Crawshaw
The more than 40,000 comments the government received on its proposed rules for the federal Health Insurance Portability and Accountability Act (HIPAA) are important, but they shouldn’t be allowed to obscure something equally serious but eminently more fixable: the physical specifics of how you transmit patient data.
Alan Portola, vice president of sales and marketing for Clinicomp International and Clinteligent, a San Diego-based clinical information system provider, says keeping patient data safe from prying eyes is simple, especially when compared to figuring out what the final HIPAA rules will be.
"When we started Clinicomp as a point-of-care system for the critical care environment 15 years ago, we only handled the clinical charting at bedside," Portola says. "Now we offer a business model that uses an application service provider (ASP) for outsourcing." Portola explains that Clinicomp is a rental or subscription approach to data management. He points out that the company has HIPAA compliance issues it has to deal with on the clinical care side, but being an ASP adds more variables to the compliance requirement. One of these is being able to handle data throughout wide area network connectivity. "ASPs give the ability to run functionality at a hospital from a data center in a remote location," Portola says. "But accessing the functionality through the Internet adds a lot of risk to transferring patient data because the information architecture is open."
When Portola’s company began implementing its ASP model, it chose to obtain connectivity via virtual private networks (VPNs) as opposed to the Internet.
"We are using Web-based technology with dedicated lines, high-speed connectivity, and a high level of encryption minus the security risks of the Internet," he says.
When Portola and Clinicomp began investigating the proposed HIPAA requirements, one thing that became apparent immediately was the approaching need to keep an audit trail as HIPAA is implemented throughout an enterprise. "You have to keep some functionality that deals with this security," Portola says. He says providing an audit trail for every user throughout the system means doing so not only when they enter data in the system. It also means being able to track everyone who views records at any time without entering data, and ascertaining where those viewers were at the time they were viewing the records.
Clinical decision support via the Internet can convert data into "on-demand" information and provide clinicians with a real-time tool to assist in delivery of patient care. Traditional clinical decision support systems have been based on retrospective presentation and analysis of data. Clinicians can document care at bedside; enter patient-specific screened orders for goods and services; access standards of care, protocols, or clinical pathways; and perform medical necessity and compliance checking. An ASP helps organizations that lack the required level of capital resources to provide this functionality for their patients and clinicians, while choosing a VPN provides them with secure data transmission.
Portola says that for those organizations that are seeking outsourced functionality with an application service provider model, "The best recommendation I have, at least until all the HIPAA regulations are final, is to use VPNs that will guarantee good performance and good encryption capability."
In preparation for implementation of the federal Health Insurance Portability and Privacy Act, physician practices at a minimum should:
a. bring in a consultant.
b. begin steps toward purchasing a new electronic medical record system.
c. require employees to sign a form acknowledging penalties they will face, including possible fines and termination, if they disclose a patient’s medical information.
d. require affected employees to attend a mandatory sign-in training class once every six months.
e. c and d above
Among the steps practices should take to prepare for the federal Health Insurance Portability and Privacy Act are:
a. to develop procedures for terminating IDs and passwords when employees leave.
b. to modify their liability insurance policies.
c. to train all employees in the retrieval of electronic medical records.
d. to change all paper records to a numeric system.