HIPAA Giving Employees the Freedom

¶ … HIPAA

Giving employees the freedom to gain control over their medical records regardless of their employer is one of the greatest benefits of the Health Information Portability and Accountability Act of 1996 (HIPAA) (Kibbe, 2005). The HIPAA Act, which formally went into effect in Aril 21, 2005 and concentrates on defining standards for administrative, technical and physical security procedures (Miller, 2006). The HIPAA Act required healthcare organizations to fundamentally re-order and re-define the processes they used for capturing, analyzing, recording and archiving healthcare records. The strategies healthcare organizations are relying on are not incremental, yet more strategic in focus, creating Enterprise Content Management (ECM) frameworks (Secor, Laplante, 2006). These ECM Frameworks are giving healthcare organizations more flexibility to serve patients yet also significantly increasing accountability and security policies, and systems in place. The critical success factor of ECM Frameworks is the development and successful integration with existing Enterprise Source Planning (ERP) systems, which are used for operating these healthcare organizations (Pumphrey, Trimmer, Beachboard, 2007). In addition, ECM Frameworks give healthcare providers a greater control over their information lifecycles and also make them more agile in responding to patients' needs as a result (Volonino, Sipior, Ward, 2007). The ECM frameworks used for ensuring HIPAA compliance are discussed in this paper with an orientation towards accountability and auditability, two areas that the HIPAA Act is highly prescriptive in its definition of (Miller, 2006).

Background

The healthcare industries' unmet needs when it comes to HIPAA compliance are forming the foundation for a series of product and solution development strategies on the part of many software, hardware and services companies globally. What's so significant about the unmet needs of the healthcare providers in the area of HIPAA compliance is the direct effect the lack of fulfillment of these needs are having on the organizational goals of entire medical institutions including hospitals, clinics and individual practices focused on security and auditability. Reducing diagnosis errors, coordinating on treatment plans across patients, analyzing the extent of care delivered by clinicians and securing these results, and alleviating the need for medical professionals to transcribe data from one computer system to another are all major unmet needs in the healthcare industry. In each of these process areas there is ample opportunity for security lapses and patient data being compromised. The U.S. And other nations have set four major objectives in the defining of electronic medical records systems to ensure compliance with HIPAA and comparable regulatory standards globally for health information security. These include the following: keeping healthcare professionals informed as to new developments in security through a Web-based portal that is continually refreshed with new prescriptive guidance on increasing security levels; interconnecting healthcare organizations' security and it staffs so they can share best practices on advances in healthcare information management globally; personalizing and better analyzing patient data security strategies; more effective use of networks to streamline ECM frameworks and make data use more process-centric and anticipatory of patients' needs (Dantu, Oosterwijk, Kolan, Husna, 2007); and improving broader population health by using it from the content of websites for preventative health programs that are also aimed at reducing the need for visits in the first place (Hall, 2008). These four broad goals are driven from the unmet needs of healthcare organizations in the area of data security to ensure compliance to the HIPAA standard.

The unmet needs of the healthcare community that are in turn driving the greater application and adoption of it-based strategies for ensuring HIPAA compliance are as follows:

A major unmet need in delivering more timely and more accurate access to information including patient records, patient imagery, test results and treatment results while at the same time ensuring a high level of security. At present there are many manually-based processes, for example calling a local clinic and having to get a clerk on the phone to get a specific record. This is a major unmet need as it relates to security, responsiveness, and speed of service to both the patient and the healthcare professional delivering a diagnosis or treatment plan. The most pressing unmet need is to have these records online in a secured framework, integrated with many other systems including patient billing and accounting, patient history, and diagnosis analysis to accomplish the goal of delivering a 360 degree view of the patient on every inquiry (Dantu, Oosterwijk, Kolan, Husna, (2007).

Lack of consistency in existing manual processes aimed at the managing of chronic conditions leaves these records highly susceptible to security breaches. This unmet need emanates from the currently high levels of miscommunication inherent in the complex processes of the healthcare community between specialist MDs and patients. What exacerbates this lack of communication is that each treatment plan is slightly different and requires a slightly different approach to managing the security of the information.

Greater levels of professional productivity through better collaboration, scheduling and coordination of healthcare professionals, administrators and specialist MDs. This isn't simply about being able to see more patients; it's about being able to have a more comprehensive view of the patient treatment plans for advanced diseases and conditions, and keeping these treatment plans confidential and secure. This includes drug interactions, histories of treatments, preferences in treatment approaches by physicians and any unforeseen interactions with previous treatment programs. What HIPAA is forcing many companies is to integrate their many diverse and disparate systems together to allow for network-wide security strategies (Dantu, Oosterwijk, Kolan, Husna, (2007). Currently healthcare professionals have to look either through multiple systems or through a series of books to figure out what if any interactions there are to medications for example, and in this process risk disclosing specific patient data as they search for information. Appling it strategies to this unmet need to ensure HIPAA compliance includes integrating all databases internally to the practice in addition to subscribing to external information sources, all unified with a common search technology that would, from a single query, provide the medical professional with the information requested. Another aspect of this unmet need of increasing productivity is the scheduling of appointments between clinicians and specialist MDs in addition to those with patients. Moving away from manual systems in this area is also a critical step for higher levels of security and greater compliance to the HPAA standards, making organizations more capable of passing audits in the process.

Streamlining and making more efficient processes for patients to fill out their clinic paperwork, check on the status of their medications, and also provide feedback in the form of customer satisfaction surveys is a major unmet need is creating a HIPAA-compliant full-cycle approach to patient care. One of the most glaringly obvious unmet needs in the entire medical profession is this specific area of streamlining what is called "on boarding" of new patients and measuring their satisfaction with the level of service delivered. An integral part of this process is the development of secured (Kibbe, 2005). The first series of processes, those of signing up new patients is fraught with inefficiencies and errors, and making this online, even for the a medical centers' staff is a potential major improvement. Capturing patient feedback on what is going well and what isn't is also a critical unmet need; only a very small percentage of healthcare professionals and specialists get feedback on how their treatment programs are working, how their empathy skills are being perceived, and in short, how satisfied the patients. Yet all this data needs to be managed to the HIPAA standards, just as the more complex data regarding treatment programs.

Lack of integration with health services providers, specifically those paying for the care of patients including HMOs, PPOs and health insurance organizations. This is perhaps one of the aggravating unmet needs in the medical profession and is exacerbated again in the area information security due to the fact that a person's financial stability is affected by how well these processes work. The lack of it systems-level integration between health services providers, HMOs, PPOs and health insurance organizations significantly slows down the time required to fulfill claims for patients, and in turn slows down the finances of clinics, physician offices, and hospitals. The time lag in these processes also poses a significant security risk that HIPAA is targeted to resolve as well. Through the integration of it systems beneath these processes, healthcare organizations can gain greater compliance with HIPAA standards. Clearly the need for greater levels of integration specifically in this area is critical, and as a major unmet need being addressed through it strategies, this forms the basis for the framework emerging for comprehensive electronic medical record systems that make HIPAA compliance more achievable.

There are many additional unmet needs throughout the healthcare community and the five mentioned in this section are the most prevalent. Combined these five unmet needs are the catalyst for the re-engineering of processes in healthcare organizations towards HIPAA compliance.

What is emerging from it strategies aimed at resolving these unmet needs is a comprehensive framework. Figure 1, Electronic Medical Records Systems Architecture, defines the it architecture that many healthcare providers are opting for to selectively apply it applications and components to the unmet needs in their industry.

Figure 1: Electronic Medical Systems Architecture

Source: (Cahn, 2001)

The core building blocks of this framework include the presentation and client layers, where web-based applications aligned with the needs of clinicians, specialist MDs and patients. The need for synchronization across Platform, Storage and Infrastructure and Integration areas of this framework dictate the speed and accuracy of responses to all users of the system. Thinking of this framework as the foundation that the specific processes that clinics, practices and hospitals rely on to complete daily tasks to accomplish their goals and objectives while at the same time ensuring a high level of security across each component. The integration and security requirements are critical for HIPAA compliance.