HIPAA and HITECH (to say)
The Health Insurance Portability and Accountability Act (HIPAA) set in 1996, includes the obligation to protect the privacy and security of health information of individuals , defined as “protected health information” (PHI). The HIPAA regulation applies “under contract”, which include health workers, health plans and clearinghouses health.
The 2009 American Recovery and Reinvestment Act (ARRA) passed by the Obama administration, includes a section called Health Information technology for Economic and Clinical Health (HITECH) Act. The HITECH Act promotes the adoption of “electronic medical records” (Ehrs) to improve efficiency and lower health care costs. See the high adoption of electronic medical records would enhance the privacy and security risks, HITECH Act introduced new security and privacy related requirements on covered entities and business associates of the HIPAA.
Further, fines for non-compliance with the HIPAA privacy rule has increased significantly with the introduction of HITECH Act. Smaller practices are fined tens of thousands of dollars and large organizations provide are fined millions of dollars based on several recent landmark cases. To this point, the government has come to deliver HIPAA compliance audits is a significant revenue generation opportunities. Therefore, it has hired additional audit staff and plans to significantly increase the number of HIPAA Compliance Audit. For providers, this means an increased risk of substantial financial penalties, you should find to be non-compliant.
In accordance with these functions (HIPPA + HITECH are collectively referred to as the acts) requires investment in Adoption HIPAA Compliance Plan, staff training and attention to specific information types. Note that the acts do not need to use the technology, if combined with HITECH ARRA is heavily promoting and encouraging the adoption Ehrs. The purpose of this document is to help health professionals understand how patient portals to promote HIPAA compliance. There are numerous ways to go broader topics ranging from employment HIPAA Compliance consultants to adopt HIPAA Compliance Plan that have been written for similarly situated organizations. These issues are beyond the scope of this article.
Role of Patient Portal to help health professionals meet HIPAA and HITECH
patients, health care providers today have an insatiable desire for electronic access to information. Many heavy users of email, social media and other forms of electronic communication and they are challenging to communicate in this way with their healthcare professional. But this is where the problem begins and patient portals can help. Due to the inherent lack of security based email, email is not considered an acceptable form of communication if the message includes PHI. And what is PHI? In the broadest interpretation that there is any communication that contains personal information (name, address, phone, email, etc.) along with health information. I’ve heard some practices argue that if the patient prefers to communicate in this way (email) that the patient is actually “repeal” HIPAA and the procedure is not in conflict. Most healthcare Lawyers do not support this view since HIPAA is a federal act that does not have any provisions that allow patients to “renounce” protection of the law. So take this posture is risky bets and fines for non-compliance are steep.
So how practices meet the insatiable desire for operators to deliver patient satisfaction, even going with HIPAA and HITECH? Patient portals are certainly part of the answer. Simply put, patient portals are healthcare related online applications that allow patients to interact and communicate with health care providers. Functionality patient portals vary significantly, but may secure access to patient demographic information, appointment scheduling, payments, two-way messaging and access data from clinical if the web site is provided by the EHR provider.
Today in practice, we find a patient portals provided by the EMR / EHR providers, companies that provide “Practice Management” (PM) solutions and even third parties are promising patients may have access to all health information of a single website. These are usually referred to as “health Portals” and many believe “Microsoft Health Vault” to be a leader in this space. Since personal health portal not directly interact with the practice, these portals usually only contain clinical information is available through the myriad and growing number of healthcare data exchange.
Clearly, patient portals can help practices simultaneously achieve HIPAA compliance and patient satisfaction at the same time. But there are several challenges accepted broadly described here that are slowing the movement of patient portals:
- Change Management . This issue affects small and large organizations perform the basic system implementations. Comprehensive system implementations require redefinition remapping the business processes of all members of the organization. The issues and a lot of work involved to take on these types of projects are well documented and beyond the scope of this article, but they are the real issues that are slowing down the adoption of new technologies
- Cost / Time to implement. The government recognized that the cost part of this case and ARRA is providing up to $ 44,000 in training for the implementation of eHR solutions and meet all still defined “meaningful use” criteria. But in many practices, time to implement is still a big obstacle experts are busy seeing patients all day every day and this system always take weeks and months of training and lost productivity due to learning new techniques
- Current EHR solution meets the basic requirements of the patient portal is not available. This is a very common problem, especially for larger and / or highly specialized companies where systems have been developed and tailored to meet the complex clinical requirements, but were not designed to address patient communication and other patient facing claims today. Because of this complexity and customization, the adoption of the new solution is very inefficient and wholesale replacement is not considered the possibility of many of these providers
Broader Issues to deliver professional level clinical information to patients
Beyond the adoption of the above issues and many other unstated ones, there is a broader issue with the use sérfræðingur- level of patient portals for clinical information. To understand the perspective of the author on this issue, consider one of the real benefits of electronic health information is that in theory it is easily shared, aggregated, analyzed with respect and exchange. The fact is that achieving these benefits is still some years away, maybe more. The establishment of statewide health care exchanges, an important milestone, but much work remains to be done to achieve interoperability of clinical data. Microsoft Health Vault is pushing hard to be a platform that securely delivers a complete set of clinical data for patients that includes data from all their companies, pharmacies and lab results on one easy to use portal.
At best, the expert-level patient portal providing clinical data presents only one provider view, still many patients who need this information the most, many providers involved in their care. For example, one patient may have a family doctor who is Internist, cardiologist and endocrinologist all involved in their care. Looking at data from one expert would not give a complete picture. For this reason, the author believes that clinical information is provided in a single portal to a patient with a third party can make arrangements to gather information from all sources and deliver it to the patient in a single portal.
target of the adoption challenges of EHR / PM-centric (patient) portals and broader issues to deliver clinical data in professional level portals, it the role of “standalone” portals. By standalone portals, affiliate portals that provide direct access to the patient creation and editing patient demographic information, two-way secure messaging, appointment scheduling, payments and other clinical symptoms. These portals do not provide access to data from clinical. But standalone portals offer healthcare professionals the ability to quickly join the digital revolution, meet the insatiable desire of patients to communicate electronically in a way that is secure and HIPAA compliant, allowing online self-registration and run multiple efficiency at the same time.
If standalone patient portal vendor also offers HL7 integration, it should be relatively easy for the seller to provide HL7-based demographic data integration with existing systems to avoid any duplicate data entry issues and keep the data in sync .
And while most patient portal offerings are bound to complete EHR / PM auction, there are few vendors in the market that offer a well architected independent portals patients can be easily integrated into legacy environments. Undoubtedly, there will be new entrants in the market demand for these capabilities increases, but now small and large providers have at least some viable products to meet the demands of their stakeholders.