HIPAA stands for the Health Insurance Portability and Accountability Act. HIPAA is a federal guideline that aims to ensure that patient information and records are protected and maintain their integrity.
HIPAA Consists of Three Parts
- A transactions part, designed to get users to submit claims electronically using X-12-based EDI claims submissions rather than on paper. It also sets claims status, referrals, and eligibility, and standardizes treatment codes.
- A privacy element that is designed to protect patients' medical details.
- A security element to make sure unauthorized persons cannot access the data.
Who is Required to Comply with HIPAA?
HIPAA compliance is required of all healthcare providers, payers and clearinghouses. Providers include hospitals, clinics, nursing homes, private practice physicians, dentists and suppliers. Payers include group health plans, health insurers, health maintenance organizations (HMOs), Medicare and Medicaid, and government healthcare programs. Clearinghouses include billing service providers, re-pricing companies and value-added networks. In short, all healthcare organizations in the United States need to develop a HIPAA strategy.
HIPAA places increasing pressure on organizations to store and appropriately manage electronic documents and other types of content. HIPAA requires a wide range of healthcare documents to be kept for specified periods and also imposes strict data disposal processes. It also establishes restrictions for access to patient documents and information.
Step one toward HIPAA compliance for healthcare is a thorough risk assessment, followed by the creation of a detailed action plan, implementation and administration of the plan, and an ongoing audit.
You will most likely need to perform separate assessments for your business, transactions and security. Each assessment must include policy, procedure and practice evaluations. You must document these measures up to and beyond specific deadlines, and audits will cover policy and procedure.
There is no such thing as HIPAA-compliant document management software or hardware (despite the claims of some companies). To be compliant, organizations must satisfy the intent of the law. They must have mechanisms in place that guarantee safe electronic storage, access and transmission of patient records.
It is organizations, not technology, that must be HIPAA compliant. However, technology can be used to help the organization in its efforts to be HIPAA compliant.
Document management software helps with the management and security of patient records, which is a big component of HIPAA. However, it is important to note that there are aspects of HIPAA which are beyond the scope of document management software.
How does Document Management Software help with Compliance?
Regulatory compliance certification is usually undertaken by the user organization and not the software vendor. Regulatory compliance is a function of both the technologies used and, very importantly, the processes put in place around the technologies.
We provide the user and document security and the activity audit trail that will support the accountability, non-repudiation and appropriate access controls required for GMP and FDA 21 CFR Part 11 compliance.