Operating a medical practice is demanding work that requires close attention to detail on many fronts. Patient privacy has always been an important principle of the medical profession, and newer laws take that notion a step further by making it mandatory for medical facilities to protect individually identifiable health information. Government regulations such as the Health Insurance Portability and Accountability Act (HIPAA) stipulate how digital records containing sensitive patient information must be kept secure, but caring for your patients' privacy is also simply good business.
Importing non-digital patient information such as radiology reports, hospital dictation and consultation/referral letters is one of the most time- and labor-consuming tasks in maintaining an electronic medical record. This is unfortunate, because most of this information already exists in digital form at the sender's location and is printed to paper only for transit. Transmitting digital information securely, however, can be problematic at best. Simply emailing a document to the intended recipient could violate a patient's privacy, since the mail can be intercepted in transit or read by unauthorized persons on the destination email server before it is downloaded. Nor is there any way to tell whether the document was tampered with, or whether it was sent by someone electronically impersonating the apparent sender. As a result, medical offices that want to let physicians use electronic mail to transmit information are forced to attach an "email disclaimer" stating that the privacy of the email's contents cannot be guaranteed. The information may be confidential and subject to protection under law, but the fact remains that a disclaimer provides no real protection against a breach of that information.
Whether you are a healthcare provider, payer or pharmaceutical company, you hold electronic information that must be protected. Essential Taceo virtually eliminates the costs associated with safeguarding Protected Health Information (PHI). With Taceo you are free to email medical advice to your patients, send prescription requests to the smallest of pharmacies and safely deliver patient records to referral doctors.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed to create a new national standard for protecting the privacy of patients' health information. HIPAA also aimed to improve the efficiency and effectiveness of the healthcare system by encouraging the development and adoption of Electronic Data Interchange (EDI) between healthcare providers, payers and pharmaceutical organizations. HIPAA further imposes strict requirements on organizations to establish safeguards protecting the integrity and confidentiality of an individual's Protected Health Information (PHI). HIPAA applies to individual healthcare providers, health plans and healthcare insurance providers, and also to organizations that handle the electronic PHI of customers, employers and patients. Civil and criminal penalties can result from noncompliance and security violations.
PENALTIES FOR HIPAA VIOLATIONS
HIPAA provides for civil and criminal penalties for security and privacy breaches. A general failure to comply carries a civil penalty of $100 per violation, and penalties for violations of an identical requirement may not exceed $25,000 per year. For example, emailing a claim or file containing identifiable patient information without encryption could be treated as a violation. Although the penalty for any one requirement is capped at $25,000 per year, HIPAA names more than 15 security standards, and repeated violations across them could quickly add up to more than $375,000. More severe criminal penalties apply to flagrant HIPAA violations. Wrongful disclosure of PHI can result in a $50,000 fine and up to one year in prison. An offense committed with intent to sell or misuse a patient's protected health information is punishable by a fine of up to $250,000 and/or 10 years' imprisonment.
TACEO: HELPING TO NAVIGATE THE HIPAA MINEFIELD - COMMON HIPAA SCENARIOS AND TACEO
A medical office wishes to refer a patient, together with identifiable PHI, to another healthcare provider.
A primary care physician examines an individual and decides to send the patient to another provider for further diagnosis or treatment. The physician asks an assistant to assemble the patient's history and physical (H&P), imaging reports, labs, progress notes and so on and to email them to the off-site healthcare provider for review. Unfortunately, the physician and the assistant are now in violation of HIPAA regulations.
Unprotected email is like sending a postcard through cyberspace. In transit it is routed through multiple servers, and an email containing patient PHI can be read by people other than the designated recipient (the off-site provider). Furthermore, a single accidental keystroke could misdirect the patient's records to an unknown party, compounding the severity of the breach. The physician's assistant could have used Taceo to protect the email and its attachments. With a click of a button the assistant could have prohibited the patient records from being printed, forwarded or edited. The outgoing documents would be encrypted and inaccessible to anyone other than the intended recipient healthcare provider. (Even if the receiving healthcare provider is not fully set up to work with electronic patient health information, they can still securely view the patient records without violating patient confidentiality.)
On-line Pharmaceutical Provider
A pharmaceutical provider fills prescriptions via on-line ordering, but cannot meet HIPAA's secure transmission requirements when emailing its patients about prescriptions and medications, order confirmations and other information. The organization could resort to analog methods such as calling each individual customer or sending information via standard post, but these methods are inefficient and cost prohibitive. To meet HIPAA regulations this way, the on-line prescription provider would have to shoulder the burden of hiring and training a number of new employees at great cost. What is an on-line pharmacy to do?
With Taceo, the pharmaceutical provider can securely send prescription information, order confirmations and more to its clientele. The confidentiality and integrity of emails containing protected health information (PHI) are enforced and maintained even after delivery. Nearly any customer with a PC can download the free version of Taceo, enabling them to receive and reply to protected email.
Taceo's usage permissions interface gives the company an effective way to assign flexible rights management controls based on the profile of each client. Emails containing prescription information can be set to expire when they are no longer valid.
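The properties the two scenarios above depend on (the PHI is unreadable in transit, tampering and impersonation are detected, and an expiry set by the sender cannot be stripped or extended) can be illustrated with a small encrypt-then-MAC envelope. The Python below is an added example for this page; it is not Taceo's code and does not describe Taceo's message format, which the page does not document. It assumes a 32-byte key already shared between sender and recipient (distributing that key is the usability problem the final scenario on this page describes, and is not solved here), uses HMAC-SHA256 both as a counter-mode keystream generator and as the authentication tag, and uses constructed, fictional patient data and addresses.

```python
import hashlib
import hmac
import json
import os
import struct

# Constructed sample data: fictional patient, fictional addresses, fixed demo key.
# A real deployment would share the key out of band; it is fixed here only so
# the demo is reproducible.
DEMO_KEY = bytes(range(32))
SAMPLE_PHI = (b"Patient: Jane Doe, DOB 1970-01-01, MRN 000001. "
              b"Dx: hypertension. Please evaluate for nephrology referral.")


def _subkey(master_key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from the one shared master key."""
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode with HMAC-SHA256(key, nonce || counter) as the keystream block.
    Encryption and decryption are the same operation."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        block_key = hmac.new(key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block_key))
    return bytes(out)


def _mac_input(header_bytes: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # Length-prefix the header so the header/nonce boundary is unambiguous.
    return len(header_bytes).to_bytes(4, "big") + header_bytes + nonce + ciphertext


def seal(master_key: bytes, sender: str, recipient: str, expires_at: int, body: bytes) -> dict:
    """Encrypt the body and authenticate it together with sender, recipient,
    expiry and usage permissions, so none of them can be altered in transit."""
    nonce = os.urandom(16)
    header = {
        "from": sender,
        "to": recipient,
        "expires_at": expires_at,  # Unix time chosen by the sender
        "permissions": {"print": False, "forward": False, "edit": False},
    }
    header_bytes = json.dumps(header, sort_keys=True).encode()
    ciphertext = _keystream_xor(_subkey(master_key, b"enc"), nonce, body)
    tag = hmac.new(_subkey(master_key, b"mac"),
                   _mac_input(header_bytes, nonce, ciphertext), hashlib.sha256).digest()
    return {"header": header, "nonce": nonce.hex(), "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def unseal(master_key: bytes, envelope: dict, now: int) -> bytes:
    """Verify the tag before anything else, then enforce expiry, then decrypt."""
    header_bytes = json.dumps(envelope["header"], sort_keys=True).encode()
    nonce = bytes.fromhex(envelope["nonce"])
    ciphertext = bytes.fromhex(envelope["ciphertext"])
    expected = hmac.new(_subkey(master_key, b"mac"),
                        _mac_input(header_bytes, nonce, ciphertext), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(envelope["tag"])):
        raise ValueError("rejected: authentication tag mismatch")
    if now >= envelope["header"]["expires_at"]:
        raise ValueError("rejected: message expired")
    return _keystream_xor(_subkey(master_key, b"enc"), nonce, ciphertext)


def _outcome(master_key: bytes, envelope: dict, now: int) -> str:
    try:
        return "ok" if unseal(master_key, envelope, now) == SAMPLE_PHI else "wrong plaintext"
    except ValueError as exc:
        return str(exc)


def demo(now: int = 1_700_000_000) -> dict:
    """Seal a referral note, then show what an intermediary can see and what an
    attacker can and cannot change. Returns the outcomes so they can be checked."""
    env = seal(DEMO_KEY, "dr.smith@clinic.invalid", "dr.jones@referral.invalid",
               now + 3600, SAMPLE_PHI)
    results = {
        "phi_visible_in_transit": SAMPLE_PHI in bytes.fromhex(env["ciphertext"]),
        "honest_recipient": _outcome(DEMO_KEY, env, now),
        "after_expiry": _outcome(DEMO_KEY, env, now + 7200),
        "wrong_key": _outcome(bytes(32), env, now),
    }
    # Attacker flips one ciphertext byte (e.g. to alter a dosage).
    flipped = bytearray.fromhex(env["ciphertext"])
    flipped[0] ^= 0x01
    results["ciphertext_modified"] = _outcome(DEMO_KEY, dict(env, ciphertext=flipped.hex()), now)
    # Attacker tries to extend the expiry the sender set.
    extended = dict(env["header"], expires_at=now + 10 ** 6)
    results["expiry_extended"] = _outcome(DEMO_KEY, dict(env, header=extended), now + 7200)
    # Attacker tries to make the note appear to come from someone else.
    forged = dict(env["header"], **{"from": "dr.evil@attacker.invalid"})
    results["sender_forged"] = _outcome(DEMO_KEY, dict(env, header=forged), now)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24} {outcome}")
```

Two caveats a practitioner should keep in mind. The header (sender, recipient, expiry, permission flags) travels in the clear and is only bound by the tag, so intermediaries can read who is writing to whom even though the PHI body is opaque to them. And expiry and the no-print/no-forward flags are enforced by the recipient's client after the tag verifies: once a legitimate recipient holds the key and the plaintext, nothing cryptographic prevents copying it, so those controls are policy controls that depend on the recipient's software, not guarantees against the recipient. The shared-key MAC proves only that the sender holds the key this pair shares; authenticity across many correspondents needs per-pair keys or digital signatures, which is where the key-management burden comes from.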
A healthcare provider wishes to give individual patients medical advice via email
To provide added value, a healthcare provider wishes to establish an easy and affordable way to give patients medical advice over the web. The provider must be able to send and receive protected medical advice from work or home, and cannot afford the installation, maintenance and licensing fees associated with available server-based solutions. Furthermore, the caregiver's patients are largely non-technical and will not bother with the cumbersome key exchange, S/MIME setup and other requirements commonly associated with widely available encryption technologies.