HIPAA You’re responsible
Changes in HIPAA Effective Feb 2010
Written by Bob Bryan
There are some important changes to HIPAA regulations that will affect all MTs, MTSOs, and Transcription platform providers as of February, 2010.
HIPAA rules (privacy and security rules) were created to protect patient health information. HIPAA was approved and has been in place since 2001. These rules have been amended several times over the years to address needs, challenges, and changes in technology. Up to now, the burden of responsibility and liability has rested with the provider (Covered Entity or CE). It has been their responsibility to protect this information and safeguard its use by vendors and business associates. Business Associates (BA) were not directly liable and were not required to provide proof of compliance or even to have business associates agreements with covered entities. This all changes as of February of 2010.
While many states have laws in place holding BAs responsible to some extent for HIPAA compliance, Federal law will hold BAs responsible to the same degree as CEs. What this means is that everyone involved in healthcare delivery and documentation should be familiar with HIPAA and take measures to assure their compliance.
Look for more comprehensive information including rules changes and recommendations on compliance soon. In the meantime here is a list of changes in MedEDocs meant to help in compliance and a quick list of recommendations for making sure you are HIPAA ready.
Changes in MedEDocs effective 01/01/2010
Full encryption mode: While your data has always been secure, MedEDocs added an additional layer of protection by encrypting documents within the transfer stream in effect creating multiple layers of protection. While this has been a per customer preference for a number of years, MedEDocs will make that the standard effective January 6 2010.
Coversheet option: Our Fax server will now have the option of sending a coversheet. If your customer prefers or is required to have coversheets on faxes you can include one. For those using automated faxing of documents, you will set the option at the Referring physician level. Manually scheduled faxes, sent from the ReportViewer or Coordinator will prompt for coversheet. While most providers have protected fax machines or electronic faxes, some do not and should be using coversheets to protect PHI. Please be sure and consult the recipient before selecting this option. A high volume provider may discard hundreds of unwanted coversheets each day.
Encrypted attachments: Patient reports and other Email attachments sent via the MedEDocs system will be sent as password protected zip files. This will apply to both reports sent via our automated fax/email server and for those reports sent from the ReportViewer or Coordinator.