The HIPAA Compliance Balancing Act

I was just listening to a webinar by a reputable Health IT vendor the other day on visual security and privacy risks in healthcare.  As my company offers many ways to help with the challenges that healthcare organizations face with keeping PHI protected, I was interested in hearing what another solutions provider had to say. 

I was rather surprised when the speaker mentioned keeping faxes and print outs further behind the counter so that others cannot easily see or take them. 

My surprise had more to do with why they would be on or around the counter in the first place, rather than their location...

Technology has come far enough to allow “paper” to remain in an electronic format and, therefore, safer.  Access to electronic documents can be managed by network access policies that manage the rest of the information that a healthcare organization is working so hard to keep safe, so why would you want any [HIPAA Compliance Balancing Act] information flowing outside of those security protocols that have been carefully thought out?

Well, mostly, it happens because clinicians want access to the information quickly and some healthcare organizations have not optimized allowing access to non-interfaced data.   If information flows via an interface, it is quickly available in the fields of the EMR to those who are allowed to see it.  If it arrives by fax or has been carried in by a patient, it is often inaccessible to anyone, but the person holding it until it makes its way to HIM/Medical Records and is uploaded to the EMR.

My previously mentioned surprise was mostly to do with the fact that the routing of the document to the EMR can easily be automated by intelligent software so that it could indeed be in the EMR much more quickly and therefore accessible to all who need it. It would also be safer in its travels with less human intervention and chances of getting lost, mis-named, mis-filed, or otherwise.

According to the U.S. Department of Health & Human Services, HIPAA regulations were established to “publicize standards for the electronic exchange, privacy and security of health information”. Great efforts have been made to accomplish this for electronic data, but not as much for non-electronic, non-interfaced formats, such as faxes and paper records.  There is a balance to be found in allowing access to non-interfaced data to the clinicians that need it and protecting that data from those who do not.  That balance can be achieved with intelligent clinical data extraction software that can intelligently route and store both the documents and the discrete valuable clinical data that resides in it, thereby having it “act” like interfaced data that flows through via secure network protocols and makes it available to those who need it.

So, no need to pull those documents further back on the counter, instead just go the EMR and find the data in the fields or on the media/documents tab there.  It’s easy!

Interested in learning more? Let's schedule a personalized product demo so you can see just what Extract Systems can do for you!

Name *

About the Author: Ellen Bzomoski

With 20 years of experience in data capture and voice recognition, Ellen’s experience has focused on achieving higher efficiencies and automation in getting data where it will be most useful to an organization. At Extract Systems, she continues to focus on the same ideas and works to get the word out about how Extract Systems’ advanced data capture and redaction solutions make more data valuable and accessible, while securing anything that is private. She holds an MBA from Northeastern University and lives and works in Boston.