HIPAA Compliance


[cta id=”4623″ vid=”0″]

Is HIPAA still giving you stress? Are you worried about Security Rule compliance with data in your office?

PracticeSuite.com provides headache-free hosted data security and privacy, while letting you take advantage of HIPAA-compliant transactions to give you complete peace of mind around your practice management system.

Our solution seamlessly incorporates HIPAA- Compliant security and privacy measures as well as transactions into a practice’s workflow. And, more importantly, HIPAA compliance is built right in to our integrated solution – no special charges for HIPAA upgrades.

The remainder of this page outlines in more detail how PracticeSuite.com has prepared to help you meet all of the requisite transaction, security, and privacy obligations with as little hassle as possible. If you are a client or prospect and would like more information about our ONE STOP SOLUTIONS, please contact us.

Transaction Sets

As of October 16, 2003, all electronic claims and related transactions are required to comply with HIPAA-designated standard ANSI formats. PracticeSuite.com currently handles all of its supported electronic transactions in compliance with HIPAA.

Professional Claims (ANSI X12 837P): PracticeSuite.com’s electronic claims service uses HIPAA-certified clearinghouses to submit compliant 837P claim transactions to all supported payers. PracticeSuite.com also takes responsibility for transmitting the data using HIPAA-compliant secure file transfer mechanisms. In addition, PracticeSuite.com provides the option to download Claredi-certified 837P files, which can be submitted through any third party gateway. (Note that this downloaded file is certified to national standards; specific payer requirements may vary).

Electronic Eligibility Inquiry (ANSI X12 270/271): PracticeSuite.com offers single-source online eligibility checks for virtually every payer offering this service. Imagine how many denials you’ll avoid by pre-checking insurance eligibility!

Security

Effective April 2005, HIPAA now mandates security measures to (1) physically and electronically secure electronic Protected Health Information (PHI) against unauthorized retrieval, (2) reliably store the electronic data and (3) provide for emergency access to the data. PracticeSuite.com already has systems in place to meet these stringent security requirements – all while significantly reducing the security burden on your office and staff.

Consider a traditional software system, with a server and data right in your office. Under the new Security Rule, you’ll be responsible for protecting your computer-stored patient data from both physical access (break-ins, disgruntled employees, etc.) and electronic access (firewalls, complete network and user security, etc.) This presents a great challenge for small and large practices alike, on top of the regular headaches of managing backups, software installs, and more. Then add backup and reliability issues, considering that some 40-50% of all in-office tape backups fail to restore properly. It’s a nightmare waiting to happen.

PracticeSuite.com offers a full-service secure data management solution that removes all of the above hassles and enables much easier HIPAA compliance for your office at the same time. We store all of your electronic data in a world-class data center facility that has high security, highly secure access, 24-hour monitoring and patrolling, locked server cages, and state-of-the-art firewall protection.

In addition, PracticeSuite.com also provides a robust backup system that gives you peace of mind regarding your backup and disaster-recovery planning. Your data is backed up daily to a different physical location, with out-of-state secure copies stored every night. Occasional restores are performed to test the integrity of the backup media.

Other tools PracticeSuite.com provides to assist you in your Security Rule compliance:

Secure transfer:PracticeSuite.com uses powerful SSL 128-bit encryption to safeguard the electronic transfer of all data – the same level of security as banks and Federal transactions.

Automatic Sign Off:The Security Rule includes requirements that users be automatically logged out after a period of inactivity, to prevent unauthorized access to patient records. This feature comes standard with PracticeSuite.com.

User logging:PracticeSuite.com automatically tracks all users logging into and out of the system for reference by a system administrator.

Audit trail:The system permanently tracks any changes made to PHI, so those changes can be reviewed at any time by a system administrator.

Privacy

Privacy regulations protect the confidentiality of the patient’s individual medical information with respect to others. These privacy regulations apply to all PHI – paper, verbal and electronic. Once any information that may reveal a patient’s identity is added to a document and that document is stored or electronically transmitted, the privacy provisions are in force.

PracticeSuite.com offers some key privacy tools for our clients:

User roles:The system restricts access to PHI based on administrative rights and user roles, so that the electronic information is revealed only to those whom you authorize.

Consent:PracticeSuite.com provides a set of helpful patient consent management tools, including electronic form storage and automated reminders.

In addition, as a Business Associate of our clients, PracticeSuite.com is allowed access and use of PHI only as necessitated to deliver our contracted services to our provider clients. This includes secure storage of patient data, and access to that data as needed to perform support and consulting services requested by our clients.

Our HIPAA Relationships

Medical providers are, of course, designated as “Covered Entities” under the regulations. Those covered entities are responsible to ensure that their agents and business partners meet certain obligations with respect to privacy and security. Such parties are designated as “Business Associates”, and the provider generally will have a “Business Associate Agreement” with those parties to ensure those obligations are met.

An integrated solution provider like PracticeSuite.com is typically a Business Associate of our clients. As such, we consider ourselves to have four primary responsibilities:

  1. Ensure that we thoroughly understand HIPAA regulations and relationships.
  2. Provide software and services that help you comply with your HIPAA obligations (and meet our Business Associate obligations to you).
  3. Assist our clients in entering into standard Business Associate agreements with us.
  4. Ensure that our agents and business partners use systems and processes that are consistent with the Business Associate obligations we have to our clients.

While PracticeSuite.com is responsible for ensuring that our partners conform to our Business Associate obligations, our client providers may wish to establish direct Business Associate agreements with claims clearinghouses accessed via our software (because the providers enter into direct business agreements with them). This option should be reviewed by each covered entity with their HIPAA legal counsel.

PracticeSuite.com includes a Business Associate agreement as part of its standard Terms of Service for all clients.

As the HIPAA regulations continue to change and various deadlines arrive, PracticeSuite.com will continue to lead the way in providing the best tools to help you meet your HIPAA obligations.

HIPAA is a very detailed piece of legislation, and the information presented here should not be considered a legal opinion. The reader should consult legal counsel to obtain a legal opinion or other information required by their individual circumstance.