Sunday, November 18, 2007

Document Management, HIPAA and Compliance

So what is this HIPAA thing, and how does it apply to the management of Documents? Here is my understanding, and an overview of the basic details.

The Health Insurance Portability and Accountability Act (HIPAA) was put in place to protect personal health information and to improve the process of information transfer through standardization. The Act was put in place in 1996 as a "kick in the pants" to the Health Care industry, designed to place requirements on how patient information is handled, transfered and maintained. From a technical perspective there are several areas of focus:

  • Standards on electronic transactions
  • Standards on code sets for information
  • Provision for unique identifiers for employers and providers
  • Privacy of individual health information
  • Security and Digital Signatures
The first two areas of focus were created to standardize the transmission of administrative and financial healthcare transactions. This definied, standardized format is to be used for any number of transmissions, including claim status, payment and remittance as well as referrals and authorizations (and many others).
From a Document Management perspective, the real impact is on the privacy and security portion. This section is the most controversial, and holds the healthcare entity liable for any breach of patient confidentiality or disclosure of private information. Organizations are required to create privacy policies and procedures and manage the patient records. Below is a summary of the privacy requirements:
  • The right for patients to copy and inspect their health information
  • Required training for employees on privacy regulations and procedures
  • Policies and procedures are required for the disclosure of information and access
  • Patient authorization for the disclosure and/or use of private information
  • Documentation of access, use and disclosure
These are just a few of the requirements.
An Electronic Document Management System, or Electronic Medical Record System provides the best path to HIPAA compiance. The correct system will maintain proper security, audit all access, and allow policies and procedures to be enforced.
Some additional compliance links at:
Further information on HIPAA and Document Management

1 comment:

Animesh Singh said...

Pretty insightful post. Never thought that it was this simple after all. I had spent a good deal of my time looking for someone to explain this subject clearly and you’re the only one that ever did that.Keep it up
HIPAA Privacy Training