On Aug. 21st, 1996 President Bill Clinton signed the Health Insurance Portability and Accountability Act (HIPAA). The intended goal was to focus on providing patients with quality care, protecting health records and offering different ways to strengthen doctor-patient relationships.
Today, accomplishing these goals has been made easier, faster and more secure due to technologies designed for accommodating compliance changes, while at the same time, providing a better and safer service to medical patients.
However, in 1996, the internet was just beginning to take off. The digital solutions for healthcare that are so common today were still in their infancy. So when comparing HIPAA’s original compliance requirements with today’s, the two are as different as night and day.
The path to HIPAA compliance
Twenty years ago, few were concerned, at least from a security standpoint, as to who was logged into a computer when a doctor or nurse accessed patient data. The only thing that mattered was that staff could quickly search for needed information from the nearest computer.
Today, however, all hospital PCs require user authentication. HIPAA now dictates that keeping sensitive data secure is of the utmost importance, even if it means having to make a few extra mouse clicks to complete a task.
Peter Tippett, MD, PhD, chairman of data delivery solutions at DataMotion, notes that:
“HIPAA was supposed to be the permission, a way to get things done, easing the burden. If you want to share information, all you have to do is take care of the basics of privacy, here they are.”
The following passage, taken from the original HIPAA law, sets out the standards for information transactions and data elements.
“The Secretary shall adopt standards for transactions, and data elements for such transactions, to enable health information to be exchanged electronically,” reads Section 1173. “Each person described…who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards” (of that information).
However, many users found these rules too open and permissive. In turn, “people tend to prefer explicit rules,” Dr. Tippett says.
Now, healthcare organizations tend to view HIPAA in a more punitive light. It is regarded more as something they can be punished for, though not without reason, of course.
Luckily, more and more organizations avoid fines and punishment by comprehensively educating employees on HIPAA regulations. A NueMB survey depicts the rise in awareness for HIPAA rules.
In 2013, HIPAA added the Omnibus Rule. It contained the most significant changes to the HIPAA Privacy and Security rules since their inception. The rule also strengthened the ability of the Office for Civil Rights to enforce the rules and to levy fines if they were not followed. In 2014, only 64% of organizations were aware of the Omnibus updates. But thanks to this new rule, in 2016, that number increased to 69%.
Today, this progress has accelerated even further. As medical technologies continue to evolve, users will always need to be aware of the latest innovations in this field. It is also important to learn about potential pitfalls due to HIPAA violations.
Communicating with patients while avoiding security risks
The increased use of mobile apps, email, texting and social media for sharing medical information makes ensuring HIPAA compliance for these technologies a difficult task.
Medical technologies continue to evolve and provide users with advanced support in all necessary spheres. In return, patients are demanding more attention and communication with their healthcare providers by email, messaging and even social media. This puts the digital transformation of security standards under constant scrutiny.
David Wolf, DDS runs a private dental practice in Milford, West Boston. This tight-knit medical care provider develops intimate relationships with clients and focuses on providing the best care possible.
“We specialize in adolescents to adults,” notes Wolf. And with seven employees and one dentist to cover “about 1,500 active patients,” David Wolf needs to make his workflow as efficient as possible to ensure that he can integrate new patients into his care as seamlessly as possible.
David decided to use PDFfiller to facilitate patient integration into his system. “Now we’re using [PDFfiller] for our patients to submit their medical history forms and insurance forms online,” said Wolf.
But how did David cope with the security risks while getting in touch with his patients?
This is only one instance among many other critical points that healthcare providers must always be on top of. Other components of successful data protection include rather simple but often ignored requisites:
- Never share patient information with unauthorized individuals.
- Don’t share photos or videos related to patient health information (without the patient’s consent).
- Don’t disclose protected health information on social media networks or other platforms.
Protecting health data from external risks
External threats include security breaches such as cyber attacks. According to the Office for Civil Rights under HHS, there were 253 healthcare breaches in 2016 that affected 500 or more individuals, with a combined loss of over 112 million records.
Breaches usually occur because of unreliable services used for data sharing and storage. If your company uses a digital document platform, pay close attention to the security standards with which the platform should comply.
For example, PDFfiller’s data is stored in Amazon S3 data centers which have multiple backup locations, instant and uninterrupted data access and military-level physical security barriers. Amazon Web Services (AWS) has been assessed and approved by independent auditors as a cloud service provider with security impact levels 1-5 of the Department of Defense’s Cloud Security Model.
In addition, a few more features were developed by PDFfiller to keep your information safe. For example, the MY DOCS page features an Encrypted Folder. This folder requires a unique password in order to access its stored content within a user account. Such measures keep you, your employees and patients away from the many pitfalls related to external risks such as data breaches, while simultaneously streamlining the entire workflow process.
Tips to remember
To help minimize security risks and ensure successful doctor-patient relationships, consider keeping the following measures in mind:
- Conduct annual educational seminars aimed at staying up-to-date with innovations in the medical tech sphere.
- Create digital communication guidelines such as “Healthcare Communications in the Digital World” and “5 dos and don’ts of digital communication in healthcare.”
- Motivate staff to always report errors and security concerns.
- Conduct internal audits. For example, PDFfiller provides the Audit Trail feature that allows users to review all activity, from forms you’ve opened and shared, to what time you logged into and out of your PDFfiller account.
Staying HIPAA Compliant
Technological innovations require health providers to pay special attention to data security. Several online document management services, such as PDFfiller, provide a HIPAA-compliant e-signature method for protecting the private health information of patients. This also makes it easier for medical offices to adopt new technologies that improve the quality and efficiency of their patient care.
Some time passed before the omnipresent discontent turned into an understanding of the real significance of HIPAA. Today more and more healthcare professionals are discovering that complying with HIPAA doesn’t prevent them from providing quality patient care but is actually an integral part of a comprehensive medical service. Innovative technologies are ensuring the flexibility of internal and external processes across the industry. By being an informed healthcare professional, you can raise your organization to a new level, moving it closer to a value-based model in lockstep with the latest HIPAA developments.