Is Your Healthcare Practice Managing HIPAA and PHI Compliance?
28 Mar


HIPAA compliance and Protected Health Information (PHI) are daily topics of conversation in the healthcare industry. Add Electronic Medical Records (EMR) systems and all the requirements around digital record keeping, and things can seem a little overwhelming for a healthcare practice of any size. Unfortunately, not understanding the rules can be costly: a single HIPAA violation can carry a maximum penalty of $50,000 per incident.

I get asked all the time whether there is software that is HIPAA certified. The answer is: no software on its own can be HIPAA compliant. When storing HIPAA medical records and sending Protected Health Information (PHI), you need to ensure you comply with both the physical and technical safeguards required by the law. Some EMR software packages on the market can also store related third-party supporting documents linked to the main records in the system. Buyer beware: not all solutions are created equal, and they may not meet the HIPAA compliance guidelines for managing large document repositories. A number of EMR software companies do not offer solutions for managing third-party documents and information at all. This causes more confusion for healthcare practitioners, who are left on their own to find a document management solution that works with their EMR software and helps them remain compliant.

Several of the key players in the EMR space partner with document management companies that specialize in secure repository management and workflow. For your practice to adhere to the HIPAA rules, regulations and other privacy guidelines for software, your document management system must at a minimum meet the generalized HIPAA compliance list below:

1) Give access only to the people who need the protected health information. Minimize risk by granting access rights only to those who need them to do their jobs.

2) Safeguards must be in place in the software application to protect patient health information. Files must be stored securely and encryption must be used. Auditing of system and user events is a key part of the safeguards that must exist in the software.

3) Make sure you have proper Business Associate Agreements (BAAs) in place with any software vendor so that they safeguard and manage patient information properly. Limit access to information via secure logins and automatic log-out of the system after a predefined period of inactivity. One of the most important things is user training: showing users how to safeguard the information in the software.
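The three checklist items above, shown together in a small Python example. This is added illustration code, not code from the original post or from MaxxVault: it models a PHI document store that grants each role only the actions its job needs, writes every user event (allowed or denied) to an audit trail, and logs a session out automatically after a predefined idle period. The role names, the 15-minute idle limit, the session token format and the sample records are all assumptions; encryption at rest is left to a vetted library and only marked with a comment.

```python
"""Minimal PHI document store illustrating least-privilege access, audit
logging and automatic idle logout.  Added example; roles, the idle limit and
the sample data are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Minimum-necessary access: each role gets only the actions its job needs.
# (Roles and their rights are constructed for this example.)
ROLE_PERMISSIONS: Dict[str, set] = {
    "physician": {"read", "write"},
    "billing": {"read"},
    "receptionist": set(),  # schedules visits, never opens clinical notes
}

IDLE_TIMEOUT = timedelta(minutes=15)  # assumed predefined inactivity period


class AccessDenied(Exception):
    """The caller's role does not permit the requested action."""


class SessionExpired(Exception):
    """The session was closed automatically after IDLE_TIMEOUT of inactivity."""


@dataclass
class Session:
    user: str
    role: str
    last_activity: datetime


@dataclass
class PhiStore:
    records: Dict[str, str] = field(default_factory=dict)
    audit_log: List[dict] = field(default_factory=list)
    sessions: Dict[str, Session] = field(default_factory=dict)

    def _audit(self, user: str, action: str, record_id: Optional[str],
               outcome: str, now: datetime) -> None:
        # Every user event, successful or not, lands in the audit trail.
        self.audit_log.append({"time": now.isoformat(), "user": user,
                               "action": action, "record": record_id,
                               "outcome": outcome})

    def login(self, user: str, role: str, now: datetime) -> str:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        token = f"session-{user}"  # constructed; use a random token in practice
        self.sessions[token] = Session(user, role, now)
        self._audit(user, "login", None, "ok", now)
        return token

    def _authorize(self, token: str, action: str, record_id: str,
                   now: datetime) -> Session:
        session = self.sessions.get(token)
        if session is None:
            raise AccessDenied("no active session")
        if now - session.last_activity > IDLE_TIMEOUT:
            # Automatic logout: drop the session and record why it ended.
            del self.sessions[token]
            self._audit(session.user, "auto_logout", None, "idle timeout", now)
            raise SessionExpired(session.user)
        session.last_activity = now
        if action not in ROLE_PERMISSIONS[session.role]:
            self._audit(session.user, action, record_id, "denied", now)
            raise AccessDenied(f"{session.role} may not {action}")
        return session

    def read(self, token: str, record_id: str, now: datetime) -> Optional[str]:
        session = self._authorize(token, "read", record_id, now)
        self._audit(session.user, "read", record_id, "ok", now)
        return self.records.get(record_id)

    def write(self, token: str, record_id: str, content: str,
              now: datetime) -> None:
        session = self._authorize(token, "write", record_id, now)
        self.records[record_id] = content  # encrypt at rest in a real system
        self._audit(session.user, "write", record_id, "ok", now)


def demo() -> List[dict]:
    """Physician writes a note, billing clerk reads but may not write,
    and the physician's idle session is closed.  Returns the audit trail."""
    store = PhiStore()
    t0 = datetime(2024, 3, 28, 9, 0)  # constructed timestamp
    doc = store.login("dr_lee", "physician", t0)
    store.write(doc, "pt-001", "Visit note (constructed sample PHI)", t0)
    clerk = store.login("j_smith", "billing", t0 + timedelta(minutes=1))
    store.read(clerk, "pt-001", t0 + timedelta(minutes=2))  # allowed
    try:
        store.write(clerk, "pt-001", "edited", t0 + timedelta(minutes=3))
    except AccessDenied:
        pass  # billing has no write right; the denial is still audited
    try:
        store.read(doc, "pt-001", t0 + timedelta(minutes=30))  # 30 min idle
    except SessionExpired:
        pass  # session dropped and an auto_logout event recorded
    return store.audit_log


if __name__ == "__main__":
    for event in demo():
        print(event)
```

The point a reviewer would check is that denied and expired attempts appear in the audit log alongside successful ones; an audit trail that records only successes cannot show who tried to exceed their access.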

Creating a culture of compliance is very important in achieving your HIPAA goals. We have been doing enterprise document management for healthcare providers for twenty years, so we understand the importance of staying on top of changing regulations and navigating them collaboratively with the providers that use our solutions. When selecting a software solution, choose a vendor that is willing to work with you, meets your needs and keeps you abreast of changing regulations. The annual maximum HIPAA fines of up to $1.5 million per healthcare practitioner clearly show the importance of overall compliance and of working with the right software and technology partners.

Written by: Bruce Malyon, CEO of MaxxVault LLC.

MaxxVault provides software solutions for the management, distribution and control of corporate documents. Benefits of MaxxVault Enterprise include reduced costs, increased efficiency, higher customer satisfaction and maintaining regulatory compliance. MaxxVault is an open system; it is built using the latest technology, which provides enhanced security, dependability and interoperability with existing systems. For more information about MaxxVault LLC, visit: www.MaxxVault.com