Friday, April 13, 2018

Medical records retrieval and HIPAA: Birth of a whole new industry on the back of Medicine

Medical records retrieval and HIPAA: a whole new industry due to the paranoia and vanity of some patients.
Even before the social media revolution, which has made every Tom, Dick, Mary and Jane think they are some kind of celebrity and that the whole world is eager and dying to know what they ate for breakfast today or whether they broke up with their lousy girlfriend/boyfriend, the medical industry came up with this bugbear called HIPAA, which sounds more hip than the original name, after the two dudes who dreamt this up: the Kennedy-Kassebaum Bill. KKB sounds more like KKK (Ku Klux Klan).

The original intent was to help people carry their health insurance from one company to the next, as well as streamline the movement of medical records from one health care institution to another.
But then (drum roll, please):
In addition, HIPAA created a system to recognize and enforce the rights of patients to protect the privacy of their medical records.
HIPAA is a series of laws that have required healthcare organizations to invest time and money into training for strict compliance. As if we are not spending billions already on defensive medicine. Although this can be a lengthy and arduous effort for those in the healthcare industry, for patients it creates an additional level and sense of security. (About what?)
Three decades ago!
The roots of HIPAA stem from the early 1990s when it first became apparent that the medical care industry would become more efficient by computerizing medical records.
In addition, the industry also needed new standards regarding the management of healthcare data.
These standards included rules regarding the portability of medical information as well as the establishment and protection of a patient’s right to medical privacy. There was also the issue of ensuring that people could keep their health care coverage when they left their jobs.
HIPAA, the law that resulted from efforts to address these concerns, was passed by Congress and signed by President Bill Clinton.
While the law itself was passed in 1996, the actual details of the law were left to future specifications by Congress, as well as the Secretary of Health and Human Services.
(Isn’t this a wonderful way to enact laws? You pass some "xyz" law and let a bunch of clueless bureaucrats decide what the regulations should be under the law. I wish there were such a facility in medicine, where I could do a cholecystectomy on a normal gallbladder or an angioplasty on a 115-year-old’s coronary because in future they are going to develop cholecystitis or coronary artery disease.)
bu·reau·crat
ˈbyo͝orəˌkrat/
noun
plural noun: bureaucrats
  1. an official in a government department, in particular one perceived as being concerned with procedural correctness at the expense of people's needs.

The Privacy Rule was the first aspect of HIPAA to be finalized in 1999. Next came the Transaction and Code Sets Final Rule, in 2000, followed by the Security Rule and the National Provider Identifier, or Unique Identifiers, rule.
The Enforcement Rule specification was, as of 2006, the last part to be finalized in detail.
HIPAA Regulations

HIPAA is a series of regulations governing the transfer of medical information, particularly its modernization by implementing electronic medical record systems.

In addition, it also addresses the issues of health insurance portability and patient privacy rights.

The law is broken up into Title I and Title II, the latter of which is also broken up into separate Rules.

Title I is called “Health Care Access, Portability, and Renewability” and it deals with health care plans and policies. Title I regulates the length of the “exclusion” period, or time that health insurers can delay coverage for pre-existing conditions, and also allows ways for policyholders to reduce the exclusion period. Title I also enables people to carry their insurance from one job to the next.
Title II is called “Preventing Health Care Fraud and Abuse” and it is made up of five separate Rules: the Privacy Rule, Transactions and Code Sets Rule, Security Rule, Unique Identifiers or National Provider Rule, and the Enforcement Rule.
HIPAA Requirements for Compliance

To comply with HIPAA patient privacy regulations, there are a number of steps that health care providers and insurance companies must take.

The law requires that a company must have a HIPAA Compliance Officer who has taken a training course in compliance. This person will be the one who is ultimately responsible for staying on top of HIPAA requirements and ensuring that the organization is following the law.
Employees need to be kept up to date on policies that pertain to the organization. This may also require ongoing training for the staff.
HIPAA requires organizations to safeguard patient data against unauthorized access and disclosure. This involves implementing a number of security measures that are adequate to prevent physical and network-based intrusions.
In the event of a security breach, organizations are required by law to report the incident and to inform those patients and clients whose information may be affected.
HIPAA Complaints and Violations

In the event of a violation of the HIPAA law, patients are given options to file a complaint. This primarily involves contacting the Office for Civil Rights (OCR; this is different from the computer term). The OCR has the authority to investigate allegations of violations and to enforce the law, particularly the Privacy Rule.

Affected parties are required to file a written and detailed complaint either on paper, through the U.S. Mail, via email or by fax within 180 days of the incident, although some deadline exceptions may be granted. HIPAA also forbids retaliation against, or harassment of, those who file complaints.

Punishments for HIPAA violations can include hefty fines, or in the case of willful or egregious violations, imprisonment. HIPAA allows for additional punishments to be administered at the state level.

For instance, California (which is another country within a country, just like the Republic of Texas) allows for additional fines, such as $250,000 for disclosure of a person’s medical information for financial gain, and also allows affected parties to file a civil lawsuit.

Medical Records Management

There are several electronic medical record systems that a practice can employ to comply with HIPAA laws and regulations.

Computerize your Electronic Medical Records (EMR) system (sorry, it has changed to Electronic Health Records, EHR): always a difficult and painful transition.

EHR: converting the paper records of bad old doctors, who cared more about the patient than about recording the details on paper.

Medical Record Scanning

The medical record imaging process has to be HIPAA and HITECH compliant.

Scan medical charts, business files, patient records,
networks also offers optical character recognition (OCR) and redaction services.
Because there are still some old Luddites who do not believe in all this newfangled computer technology, and for those times like Katrina, we still have to store some paper records.
So PRESTO, we have one more new industry:
Medical Records Storage
“Our pre-screened network of record storage professionals specialize in helping you stay in compliance and minimize your storage costs. Get free quotes today!”


Select the right electronic medical records software for your practice. Electronic Medical Records Software: we have one more new industry.
So every entrepreneur worth his salt saw an opportunity, so we have 500+ (I have lost count, because new fish join the pond daily and the big fish swallow the useful new fish and make them useless) Electronic Health Record Systems.
We have one more new industry:
specialize in making the transition to an EMR simple and cost-effective for practices of all sizes.

Electronic Health Record Systems
Let our experts navigate you through all the acronyms and options so your practice can reach the meaningful use requirements in HITECH.

Medical Record Scanning & Storage Services

We can help you find a reputable local medical record scanning partner that can handle your project quickly, efficiently and securely. Let us help you get more organized and eliminate the costs associated with digital paper document management today!

If you’d like free, no-obligation quotes on medical record scanning or storage, or are looking for help on importing electronic medical records into an EHR, fill out the form to the right, or give us a call at (999-99-9999). Sorry, HIPAA rules do not allow us to provide PII (one more morsel of the alphabet soup, see below). Within minutes, you’ll be connected with an expert in your area that has a quote ready for your practice’s specific need.

Definition of PII

The term PII has become widely accepted in recent years. Here are definitions from three very credible agencies of the federal government:
1) PII is any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. (Source: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), National Institute of Standards and Technology, page 2-1)
2) The Department of Homeland Security defines PII as any information that permits the identity of an individual to be directly or indirectly inferred, including any information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department. (Source: Handbook for Safeguarding Sensitive Personally Identifiable Information At The Department of Homeland Security, page 6)
3) PII is “information that can be used to locate or identify an individual, such as names, aliases, Social Security numbers, biometric records, and other personal information that is linked or linkable to an individual. Loss of such information may lead to identity theft or other fraudulent use of the information, resulting in substantial harm, embarrassment, and inconvenience to individuals.” (Source: Report to Congressional Requesters, Protecting Personally Identifiable Information, United States Government Accountability Office, page 1)
A key common denominator of the above definitions is the fact that the information must be linked or linkable to an individual. The best definition, however, in my opinion, and one that is most relevant to website and blog operators, can be found on the Wikipedia website:
Personally Identifiable Information (PII), as used in information security, refers to information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. The abbreviation PII is widely accepted, but the phrase it abbreviates has four common variants based on personal, personally, identifiable, and identifying. Not all are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used.
Although the concept of PII is ancient, it has become much more important as information technology and the Internet have made it easier to collect PII, leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk or steal the identity of a person, or to plan a person’s murder or robbery, among other crimes. As a response to these threats, many web site privacy policies specifically address the collection of PII, and lawmakers have enacted a series of legislation to limit the distribution and accessibility of PII.





