EMR Healthcare Compliance
Healthcare compliance is a complex field that focuses primarily on the privacy of sensitive patient information. A secondary consideration is adherence to best practices – as outlined by governing medical association bodies – with respect to treatment protocols. Why a review of the best practices currently employed for healthcare compliance is becoming so important is easily explained against the backdrop of the growing popularity of electronic medical records (EMR).
In the past, a patient file was largely composed of paper reports, doctor’s notes, nurses’ chart entries and lab results – all neatly stapled into a growing folder; the best practice at the time was meticulous indexing and filing. For electronic records, the best practices demand the use of predefined codes. This, in turn, requires the employment of a well-trained and highly skilled medical coding professional.
The problem of healthcare compliance arises when a physician does not want to incur the cost of hiring such a professional. As a result, the office receptionist or secretary is often encouraged to follow a doctor- or nurse-devised list of likely coding data that best fits the office’s needs; practice makes perfect, and over time it is hard to distinguish a medical coder’s work from the secretary’s data entry.
Problems will likely not crop up until it is time for a healthcare compliance check. As the medical office must now show that it relies on officially sanctioned best practices, the absence of coding expertise can make it difficult to find and supply the data required. In addition to the problem associated with finding data, there is also a good chance that the use of a receptionist or secretary as a data input person is not the best practice.
For example, the Health Insurance Privacy and Portability Act of 1996 (HIPAA) is quite specific about the practices it will accept with respect to the training a person must have when entrusted with sensitive medical data. This training protocol itself must be showcased during a healthcare HIPAA compliance audit. Other areas of reporting include computer security, workstation confidentiality – a common problem when receptionists are also doubling as data entry staff – and of course basic personnel training on privacy issues.
Safety compliance requires the business community to conform to the laws, best practices and standards that guarantee that proper safety regulations are being met. Businesses and organizations that ignore their safety compliance obligations are at risk of being held liable for injuries or damages to people or property and can also face stiff penalties and fines from safety compliance regulators.
Compliance with Federal Safety Regulations
In the United States, federal safety regulations are enforced by the Occupational Safety and Health Administration, or OSHA. OSHA is entrusted with ensuring that the safety and health legislation enacted by Congress is being followed by private and public industries. OSHA completes periodic inspections and safety audits of businesses and organizations, and the consequences of noncompliance with federal safety regulations can be quite serious.
Consequences of Failing to Comply with Safety Regulations
Safety compliance is essential to ensuring that a business or organization will not face financial penalties or civil lawsuits for failing to comply with safety regulations. In the event that a person is severely injured or loses their life due to an organization’s failure to comply with safety regulations, the financial damages awarded through a successful civil lawsuit can be catastrophic. In addition to the financial and legal risks of ignoring safety regulations, the business community has a moral and social obligation to meet all safety compliance requirements and not pose an unnecessary safety risk to its workers, customers or the general public.
Safety Compliance Management
The best way to ensure safety compliance in your business or organization is to institute a formal set of procedures that guarantee that you are in compliance with all applicable safety regulations and best practices. This approach is known as safety compliance management, and a variety of resources are available to help busy professionals get up to speed on it. With these compliance programs in place, you can rest assured that you do not have any unnecessary liabilities existing in your place of business due to inattention to safety regulations.
Email Compliance under HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) specifies the nuts and bolts of the best practices for patient information protection and privacy. It governs all aspects of data treatment, including email compliance. As medical records move from the age of thick paper file folders into the modern age of computer data, the best practice for observing patient privacy against the backdrop of electronic file systems is now the topic of many a heated discussion.
HIPAA is vague in its demand for email compliance; it merely stipulates that the acceptable best practice should include safeguards of a physical, technical, administrative and organizational nature. It fails to clearly define what these best practices entail, who should oversee them, and what forms of email compliance it will accept during an audit.
This has made the move to electronic patient records a double-edged sword for smaller medical offices that may have been afraid of running into problems down the line. Attorneys are now scrutinizing what makes up the best practice – and the acceptable proof thereof – when it comes to email compliance. The consensus among legal professionals currently holds that there is a four-step approach that is likely to meet the best practice compliance requirement set forth by HIPAA.
1. Physical safeguards are understood as pertaining to the actual separateness of the computer terminal that is used for emailing patient files. It should only be accessible to authorized personnel.
2. Technical safeguards may refer to little more than password protection and the use of an encryption system when sending emails.
3. Administrative best practices are tangible compliance checklists, procedure manuals and signed training data sheets that prove an employee’s completion of a patient privacy training program.
4. Organizational safeguards cover everything from who will receive the emailed patient records to who is in charge of finding and attaching them to a basic document in the first place.
While not foolproof, this form of email compliance is likely to satisfy HIPAA standards during an audit.