The Health Insurance Portability and Accountability Act was signed into legislation in 1996. These regulations were enacted as a multi-tiered approach that set out to improve the health insurance system. HIPAA has specifications that ensure the confidentiality and privacy of protected health information.
If you don't know already, HIPAA is very important to every healthcare organization, and here are a few reasons why:
HIPAA allows you to designate who may speak on your behalf. If you are in an accident and unable to communicate, it is crucial that a trusted person be able to represent you. It is incorrect to assume that you can only have one individual representing you; you may designate as many people as you want to be your voice.
Everyone has the right to a copy of their personal medical records. This is a given right, and no institution can deny it.
HIPAA was designed to protect patients and their confidentiality. Every healthcare institution is required to have a compliance department, so if there is a compliance concern or a breach of data, anyone can contact this department to resolve the issue.
Why does HIPAA matter?
All healthcare facilities that use, store, maintain or transmit patient health information are expected to be in complete compliance with the regulations of HIPAA. When completely adhered to, HIPAA regulations not only guarantee privacy, reduce fraud and improve data systems but are estimated to save providers billions of dollars annually. By knowing about and preventing security risks that could result in major compliance costs, organizations are able to focus on growing their profits instead of fearing these potential audit fines.
HIPAA has many parts, including rules such as the HIPAA Privacy Rule and the HIPAA Security Rule. With ongoing healthcare reforms, the industry needs to be flexible. Every healthcare establishment should be open-minded when tackling healthcare compliance, because nothing is set in stone, nor will it ever be.
Common issues with HIPAA
1. Employees disclosing information. Employees talking about patients to friends or coworkers is a HIPAA violation that can incur a significant fine on a practice. Employees must be mindful of their environment, restrict conversations about patients, and avoid sharing any patient information with friends and family.
2. Mishandling medical records. Another very common HIPAA violation is the mishandling of patient records. If a practice uses written patient charts or records, a physician or nurse may accidentally leave a chart in the patient's exam room where it is accessible to other patients. Printed medical records must be kept safely out of view to the public.
3. Lost and stolen devices. Theft of PHI (protected health information) through lost or stolen laptops, desktops, smartphones, and other devices that contain patient information can result in HIPAA penalties. Mobile devices are the most vulnerable to theft because of their size, so necessary safeguards should be put in place, such as password-protected access and encryption of patient-specific information.
4. Texting patient information. Texting patient information such as vital signs or test results is often an easy way that providers can relay information quickly. While it may seem harmless, it is potentially placing patient data in the hands of cyber criminals who could easily access this information. There are new encryption programs that allow confidential information to be safely texted, but both parties must have it installed on their wireless device, which is typically not the case.
5. Social media. Posting patient photos on social media is a HIPAA violation. While it may seem harmless if a name is not mentioned, someone may recognize the patient and know the doctor's specialty, which is a breach of the patient's privacy. Make sure all employees are aware that using social media to share patient information is considered a violation of HIPAA law.
6. Employees illegally accessing patient files. Employees accessing patient information when they are not authorized is another very common HIPAA violation. Whether it is out of curiosity, spite, or as a favor for a relative or friend, this is illegal and can cost a practice substantially. Also, individuals that use or sell PHI for personal gain can be subject to fines and even prison time.
7. Social breaches. An accidental breach of patient information in a social situation is quite common, especially in smaller, more rural areas. Most patients are not aware of HIPAA laws and may make an innocent inquiry to a healthcare provider or clinician in a social setting about a friend who is a patient. Since these inquiries will happen, it is best to have an appropriate response planned well in advance to reduce the chance of accidentally releasing private patient information.
8. Authorization requirements. Written consent is required for the use or disclosure of any individual's personal health information that is not used for treatment, payment, healthcare operations, or permitted by the Privacy Rule. If an employee is not sure, it is always best to get prior authorization before releasing any information.
9. Accessing patient information on home computers. Many clinicians use their home computers or laptops after hours from time to time to access patient information and record notes or follow-ups. This can result in a HIPAA violation if the screen is accidentally left on and a family member uses the computer. Make sure your computer and laptop are password protected, and keep all mobile devices out of sight to reduce the risk of patient information being accessed or stolen.
10. Lack of training. One of the most common reasons for a HIPAA violation is an employee who is not familiar with HIPAA regulations. Often only managers, administration, and medical staff receive training, although HIPAA law requires all employees, volunteers, interns and anyone with access to patient information be trained. Compliance training is one of the most proactive and easiest ways to avoid a violation.
How we can help to make your software HIPAA compliant
Our team has helped a number of clients to make sure their online communications platforms earn HIPAA-secure status. Archer Software’s HIPAA Expert certification is updated every year.
We have developed a large, scalable software platform for capturing and reliably storing medical assessments. It connects doctors with the latest medical imaging and video technologies. The platform includes multiple servers and workstations that can be connected to our cameras or any third-party medical cameras. It is capable of exchanging data with various external systems using the HL7 data format.
It stores video and images on private, local servers or through a cloud hosting solution. It integrates with existing hospital infrastructure to eliminate redundancy, all with a simple service plan that provides the latest medical imaging technology without a major capital investment.
This application was originally built on the primary technologies of 2004: the .NET Framework v2.0 and ADO.NET over PostgreSQL v8.x.
Our team has since made significant improvements, updating the project to the .NET Framework 4.6 and Entity Framework over PostgreSQL v9.x, with WiX installers and the MS Windows Server 2012 platform.
Our team also introduced many SDLC technologies and tools by:
Improving the process with Agile methods
Introducing a new generation of continuous integration platform with automatic environment deployment
Formalizing the test process (introducing test plans and extending checklists) and reorganizing it to reduce the effects of time-zone differences
The latest major security improvements for storing data and transferring it over an intranet make this system compliant with HIPAA standards:
Increasing the encryption level of the data encryption certificate
Signing each application component with a certificate authority, and encrypting all security-sensitive data stored in application configs
Additional encryption of the database connection (the application connects to the local database over an SSL channel)
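As an added illustration of the last two items (this is example code written here, not the platform's own code), the following C# snippet for .NET Framework 4.6 encrypts the connectionStrings section of an application config with the Windows DPAPI provider, so the database credentials never sit in the .config file in plaintext, and builds a connection string that refuses a non-SSL channel to the local PostgreSQL database. It assumes the Npgsql ADO.NET provider (3.x API) and a reference to System.Configuration; the database and user names are constructed placeholders.

```csharp
using System;
using System.Configuration;   // assumption: System.Configuration.dll is referenced
using Npgsql;                 // assumption: Npgsql 3.x provider for PostgreSQL is referenced

static class ConfigProtection
{
    // Encrypts the <connectionStrings> section in place with the machine-bound DPAPI
    // provider. After this, the saved .config holds ciphertext; ConfigurationManager
    // transparently decrypts it on the machine where it was protected.
    public static void ProtectConnectionStrings(string exePath)
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(exePath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section != null && !section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Modified);
        }
        ConfigurationManager.RefreshSection("connectionStrings");
    }

    // Builds a connection string (constructed names) that requires SSL to the local
    // database and does not blindly trust an arbitrary server certificate. The
    // password is deliberately absent here: it is read from the protected section.
    public static string SecureLocalConnectionString(string passwordFromProtectedConfig)
    {
        var builder = new NpgsqlConnectionStringBuilder
        {
            Host = "localhost",
            Database = "medical_assessments",   // constructed placeholder
            Username = "assessment_app",        // constructed placeholder
            Password = passwordFromProtectedConfig,
            SslMode = SslMode.Require,          // refuse a plaintext TCP channel
            TrustServerCertificate = false      // validate the server certificate chain
        };
        return builder.ConnectionString;
    }

    static void Main(string[] args)
    {
        // Protect the running application's own config, then open an SSL-only connection.
        ProtectConnectionStrings(System.Reflection.Assembly.GetExecutingAssembly().Location);
        string password = ConfigurationManager.ConnectionStrings["assessments"].ConnectionString;
        using (var conn = new NpgsqlConnection(SecureLocalConnectionString(password)))
        {
            conn.Open();
            Console.WriteLine("Connected over SSL: " + conn.IsSecure);
        }
    }
}
```

In this layout the protected connectionStrings entry named "assessments" is assumed to hold only the password; the DPAPI key is machine-scoped, so the config must be protected on the server that will read it.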
The other project is a national healthcare communications technology company that develops mobile, on-demand, HIPAA-compliant systems that unify healthcare professionals within and between organizations by simplifying communications to accelerate, consolidate, and control information sharing. The application, developed by Archer from scratch, is designed for healthcare professionals and offers them secure, point-to-point, real-time access to other healthcare professionals (physicians, nurses, support staff and administrators) via any computer or mobile device. Archer is developing both web and native mobile (iOS and Android) applications.
A current project is a market network, which offers the best of both a social network and a marketplace. This means that users can access a community to find help from other users for free, but are also able to connect with a qualified professional if needed, anytime and anywhere. The aim is to follow the way that millions of professional practitioners do their jobs in the mental health and wellness industry. To protect users' data privacy, our system is being developed in accordance with HIPAA standards and will be certified as HIPAA compliant. Our certified experts have deployed the system infrastructure in accordance with HIPAA requirements.
The system will consist of an iOS application, a promo site, an admin website, and a professional website.
Archer Software has a professional team of NetOps engineers and project managers who can join phone calls with our technical consultants, making suggestions for changes to the infrastructure and code. Please contact us via email@example.com to get more information.