OVERVIEW
Operating a medical practice is assiduous work requiring great attention to detail on a variety of fronts. Patient privacy has always been an important concept in the medical profession. New laws are taking this notion a step further, making it mandatory for medical facilities to protect individually identifiable health information. Government regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and others stipulate how your digital records containing sensitive patient information should be kept secure, but caring for your patients' privacy is also just good business.
One of the most time and labor consuming tasks in maintaining an electronic medical record is importing non-digital patient information such as radiology reports, hospital dictation and consultation/referral letters. This is unfortunate because most of this information is already in digital format at the sender's location but is printed to paper for transit. Transmitting digital information securely, however, can be problematic at best. Simply emailing a document to an intended recipient would potentially violate a patient's privacy, since the mail could be intercepted in transit or read by unauthorized persons on the destination email server before it is downloaded. Also, it would be impossible to tell whether or not the document was tampered with, or whether it was sent by someone electronically pretending to be someone else. For example, to promote office efficiency, medical offices that want to allow physicians to use electronic mail as a means to transmit information are forced to attach an "email disclaimer" that cannot guarantee the privacy of the information contained in an email. The information may be confidential and subject to protection under the law, but the fact remains that no real protection is provided to prevent a security breach of your information.
Whether you are a healthcare provider, payer or pharmaceutical company, you have electronic information that must be protected. Essential Taceo virtually eliminates the costs associated with safeguarding Protected Health Information (PHI). With Taceo you are now free to email medical advice to your patients, send prescription requests to the smallest of pharmacies and safely deliver patient records to referral doctors.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed to create a new national standard for protecting the privacy of patients' health information. HIPAA also focused on improving the efficiency and effectiveness of the healthcare system by encouraging the development and adoption of Electronic Data Interchange (EDI) between healthcare providers, payers and pharmaceutical organizations. HIPAA also stipulates a strict requirement for organizations to establish safeguards to protect the integrity and confidentiality of an individual's Protected Health Information (PHI). HIPAA applies to individual healthcare providers, health plans, and healthcare insurance providers. The law also pertains to organizations that deal with the electronic PHI of customers, employers and patients. Civil and criminal penalties can result from noncompliance and security violations.
PENALTIES FOR HIPAA VIOLATIONS
HIPAA calls for civil and criminal penalties for security and privacy breaches. General failure to comply is $100 per penalty; violations of an identical requirement may not exceed $25,000 per year. For example, it would be considered a violation to email a claim or file containing identifiable patient information that is not encrypted. Even though penalties for one requirement may not exceed $25,000, HIPAA has more than 15 named security standards, which if repeatedly violated could quickly grow to more than $375,000. More severe criminal penalties also apply to more flagrant HIPAA violations. Wrongful disclosure of PHI can result in a $50,000 penalty and up to one year in prison. An offense with intent to sell or misuse patients' protected health information is punishable with a maximum $250,000 fine and/or 10 years imprisonment.
TACEO: HELPING TO NAVIGATE THE HIPAA MINEFIELD - COMMON HIPAA SCENARIOS AND TACEO
Medical office wishes to refer a patient and send identifiable PHI to another healthcare provider.
A primary care physician examines an individual and determines that he would like to send the patient to another provider for further diagnosis or treatment. The physician then asks his/her assistant to assemble and email the patient's history and physical (H&P), imaging reports, labs, progress notes, etc. to the off-site healthcare provider for review. Unfortunately, the physician and his assistant are now in violation of HIPAA regulations.
Unprotected email is like sending a post-card through cyberspace. While in transit it is routed through multiple servers, and an email containing patient PHI can be easily read by people other than the designated recipient (the off-site provider). Furthermore, because of an accidental keystroke, the patient's records could be unintentionally misdirected to an unknown party, thereby increasing the severity of the security breach. The physician's assistant could have used Taceo to protect the email and attachments. With the quick click of a button the worker could have prohibited the patient records from being printed, forwarded and edited. The outgoing documents would be encrypted and inaccessible to anyone besides the intended recipient healthcare provider. (Even if the receiving healthcare provider is not fully set up to work with electronic patient healthcare information, they can still securely view patient records without violating patient confidentiality.)
On-line Pharmaceutical Provider
A pharmaceutical provider fills prescriptions via on-line ordering, but cannot meet HIPAA secure transmission requirements for emailing prescription and medication information, order confirmations, and other information to their patients. The organization could resort to analog methods such as calling each individual customer or sending information to the customers via standard post; however, these methods are very inefficient and cost prohibitive. To meet HIPAA regulations the on-line prescription provider must shoulder the burden of hiring and training a number of new employees at great cost. What is the on-line pharmacy to do?
With Taceo, the pharmaceutical provider can securely send prescription information, order confirmations and more to their clientele. The confidentiality and integrity of emails containing protected health information (PHI) is enforced and maintained even after delivery. Nearly any customer with a PC can easily download the free version of Taceo, enabling them to receive and reply to protected email.
Taceo's usage permissions interface provides the company with an effective way to assign flexible rights management controls based on the profile of the client. Emails containing prescription information can be set to expire when no longer valid.
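The properties claimed above and in the overview (the message is readable only by the intended recipient, any tampering is detected, and a message can carry an expiry and usage permissions that travel with it) can be modelled in a small protected-message envelope. The following is an added, stand-alone illustration written for this page, not Taceo's code or format: it assumes a per-recipient key hierarchy derived from a shared master key, uses an encrypt-then-MAC construction built from HMAC-SHA256, and binds recipient, expiry and permissions into the authenticated header so that a forged expiry or a redirected message is rejected before any plaintext is released.

```python
import hashlib
import hmac
import json
import os


def _keys(master, recipient):
    """Derive per-recipient encryption and MAC keys (hypothetical key hierarchy)."""
    enc = hmac.new(master, b"enc|" + recipient.encode(), hashlib.sha256).digest()
    mac = hmac.new(master, b"mac|" + recipient.encode(), hashlib.sha256).digest()
    return enc, mac


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used as a PRF-based stream cipher."""
    blocks = [hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _mac_input(header, nonce, ct):
    # Length-prefix the header so header/ciphertext boundaries cannot be shifted.
    return len(header).to_bytes(4, "big") + header + nonce + ct


def protect(master, recipient, expires_at, perms, body, nonce=None):
    """Build an envelope whose header (recipient, expiry, permissions) is authenticated."""
    enc_key, mac_key = _keys(master, recipient)
    nonce = nonce or os.urandom(16)
    header = json.dumps({"to": recipient, "exp": expires_at, "perms": sorted(perms)},
                        sort_keys=True).encode()
    ct = bytes(p ^ k for p, k in zip(body, _keystream(enc_key, nonce, len(body))))
    tag = hmac.new(mac_key, _mac_input(header, nonce, ct), hashlib.sha256).digest()
    return {"header": header, "nonce": nonce, "ct": ct, "tag": tag}


def open_protected(master, env, me, now):
    """Return ("ok", {...}) or a rejection reason; all checks run before decryption."""
    hdr = json.loads(env["header"])
    if hdr.get("to") != me:
        return ("wrong_recipient", None)  # keys derived for `me` would fail the MAC anyway
    enc_key, mac_key = _keys(master, me)
    expected = hmac.new(mac_key, _mac_input(env["header"], env["nonce"], env["ct"]),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, env["tag"]):
        return ("tampered", None)        # covers edited body, forged expiry or perms
    if now > hdr["exp"]:
        return ("expired", None)         # expiry is enforced by the reader, after delivery
    body = bytes(c ^ k for c, k in zip(env["ct"], _keystream(enc_key, env["nonce"], len(env["ct"]))))
    return ("ok", {"body": body, "perms": hdr["perms"]})
```

The "perms" list carries the print/forward/edit restrictions the text describes; enforcing them is up to the viewing application, but because they are under the MAC a recipient cannot silently grant themselves more rights.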
Healthcare giver wishes to provide individual patients medical advice via email
To provide added value, a healthcare provider wishes to establish an easy and affordable way to give their patients medical advice over the web. The provider must have the ability to send and receive protected medical advice from work or home and cannot afford the installation, maintenance and expensive licensing fees associated with available server-based solutions. Furthermore, the caregiver's patients are largely non-technical and will not bother with cumbersome key exchange, S/MIME and other requirements commonly associated with widely available encryption technologies.