So what is this HIPAA thing, and how does it apply to the management of Documents? Here is my understanding, and an overview of the basic details.
The Health Insurance Portability and Accountability Act (HIPAA) was put in place to protect personal health information and to improve the process of information transfer through standardization. The Act was put in place in 1996 as a "kick in the pants" to the Health Care industry, designed to place requirements on how patient information is handled, transferred and maintained. From a technical perspective there are several areas of focus:
- Standards on electronic transactions
- Standards on code sets for information
- Provision for unique identifiers for employers and providers
- Privacy of individual health information
- Security and Digital Signatures
From a Document Management perspective, the real impact is on the privacy and security portion. This section is the most controversial, and holds the healthcare entity liable for any breach of patient confidentiality or disclosure of private information. Organizations are required to create privacy policies and procedures and manage the patient records. Below is a summary of the privacy requirements:
- The right for patients to copy and inspect their health information
- Required training for employees on privacy regulations and procedures
- Policies and procedures are required for the disclosure of information and access
- Patient authorization for the disclosure and/or use of private information
- Documentation of access, use and disclosure
An Electronic Document Management System, or Electronic Medical Record System, provides the best path to HIPAA compliance. The correct system will maintain proper security, audit all access, and allow policies and procedures to be enforced.
Some additional compliance links at:
Further information on HIPAA and Document Management