Voice Documentation in HIPAA Compliance

Similar documents
Voice Documentation for Healthcare

The Right Choice for Call Recording Call Recording and Regulatory Compliance

Call Recording and Regulatory Compliance

Call Recording for Healthcare

Talkument and Voice Documentation: Gramm-Leach-Bliley Act and Financial Services. A White Paper from OAISYS

Call Recording and Electronic Discovery

The Right Choice for Call Recording Call Recording and Electronic Discovery

Avaya Call Recording Solution Configuration

OAISYS and ShoreTel: Call Recording Solution Configuration. An OAISYS White Paper

HIPAA: In Plain English

HIPAA Compliance Guide

HIPAA PRIVACY AND SECURITY AWARENESS

Datto Compliance 101 1

OAISYS and Toshiba: Call Recording Solution Configuration. An OAISYS White Paper

HIPAA Compliance Guide

The Right Choice for Call Recording Call Recording for Customer Retention and Superior Service

The Impact of HIPAA and HITECH

Research and the HIPAA Security Rule Prepared for the Association of American Medical Colleges by Daniel Masys, M.D. Professor and Chairman,

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

HIPAA/HITECH Compliance Using VMware vcloud Air

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

The Advantages of Call Logging

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

What Virginia s Free Clinics Need to Know About HIPAA and HITECH

TABLE OF CONTENTS. University of Northern Colorado

Page 1. Copyright MFA - Moody, Famiglietti & Andronico, LLP. All Rights Reserved.

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Safeguard Your Hospital. Six Proactive Best Practices to Improve Healthcare Data Security

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

An Introduction to HIPAA and how it relates to docstar

Electronic Medical Records Private. Secure. Practical.

HIPAA Security Rule Compliance

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HIPAA and Mental Health Privacy:

HIPAA Information Security Overview

CHIS, Inc. Privacy General Guidelines

HIPAA Compliance & Privacy. What You Need to Know Now

Union County. Electronic Records and Document Imaging Policy

My Docs Online HIPAA Compliance

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

efolder White Paper: HIPAA Compliance

Double-Take in a HIPAA Regulated Health Care Industry

Montclair State University. HIPAA Security Policy

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations

Healthcare Compliance Solutions

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Security Is Everyone s Concern:

Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA COMPLIANCE AND

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services

White Paper. Document Security and Compliance. April Enterprise Challenges and Opportunities. Comments or Questions?

White Paper. BD Assurity Linc Software Security. Overview

Health Information Privacy Refresher Training. March 2013

HIPAA Compliance: Are you prepared for the new regulatory changes?

Preparing for the HIPAA Security Rule

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996

HOW TO REALLY IMPLEMENT HIPAA. Presented by: Melissa Skaggs Provider Resources Group

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP

HIPAA compliance audit: Lessons learned apply to dental practices

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS

Healthcare Compliance Solutions

Sustainable Compliance: A System for Ongoing Audit Readiness

How To Write A Health Care Security Rule For A University

How To Use A Cell Phone For Business

The Second National HIPAA Summit

General HIPAA Implementation FAQ

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners

The Health Insurance Portability and Accountability Act - HIPAA - Using BeAnywhere on a HIPAA context

Tracer for Debt Collection An OAISYS White Paper. The Right Choice for Call Recording

HIPAA and HITECH Compliance for Cloud Applications

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

Bridging the HIPAA/HITECH Compliance Gap

HIPAA Security Alert

Department of State Privacy Impact Assessment Electronic Medical Record System Updated July 2008

The HIPAA Security Rule Primer Compliance Date: April 20, 2005

Patient Privacy and HIPAA/HITECH

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees

Whitefish School District. PERSONNEL 5510 page 1 of 5 HIPAA

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act

68% Meet compliance needs with Microsoft Exchange. of companies send sensitive data via .

Security in Fax: Minimizing Breaches and Compliance Risks

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

PowerSoftMD by Data Tec Backup Strategies

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box Portland, OR Fax

Payment Card Industry Data Security Standards (PCI-DSS) Guide for Contact Center Managers

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

PHI- Protected Health Information

Information Resources Security Guidelines

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

MEDICAL OFFICE COMPLIANCE TOOLKIT. The Complete Medical Practice Compliance Resource HIPAA HITECH OSHA CLIA

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

Transcription:

Voice Documentation in HIPAA Compliance An OAISYS White Paper Americas Headquarters OAISYS 7965 South Priest Drive, Suite 105 Tempe, AZ 85284 USA www.oaisys.com (480) 496-9040

CONTENTS 1 Introduction 2 The HIPAA Security Rule 3 Electronic Medical Records 4 Voice Documents 5 How Voice Documentation Works 6 OAISYS and HIPAA Compliance 7 Training and Process Compliance 8 Voice Documentation in Action INTRODUCTION When it passed into law in 1996, the Health Insurance Portability and Accountability Act (HIPAA) created a profound impact on how healthcare providers in the United States conducted business. While Title I of the act protects workers insurance coverage options when they change or lose their job, Title II creates and defines numerous new regulations and processes relating to patients healthcare information and provides civil and criminal penalties for failing to adequately protect it. This document will examine Title II s Security Rule and discuss how OAISYS Tracer and Talkument TM voice documentation solutions address the rules requirements for records arising from telephone-based conversations. 9 Conclusion 10 About OAISYS Voice Documentation in HIPAA Compliance 1

The HIPAA Security Rule Title II of HIPAA aims to reduce fraud and abuse while simultaneously simplifying administration of patient records. The Act s Privacy Rule sets forth who can receive protected health information (PHI) from the care provider. The Security Rule, also known as The Final Rule on Security Standards, compliments the Privacy Rule by establishing administrative, physical, and technical safeguards. Administrative safeguards generally require organizations that must comply with HIPAA to establish a set of procedures to protect patient privacy, identify employees or types of employees who can access electronic protected health information, train employees in the process, and ensure that outside vendors who may see patient information have their own processes in place. There must also be plans in place for information auditing and to deal with security breaches, should they occur. Physical safeguards are meant to protect against inappropriate access to patient data. These include how hardware and software changes and disposal are conducted, restricting access to electronic storage devices to authorized personnel only, creating security plans for maintenance records, protecting workstations from public view, and training third-party vendors on physical access procedures and policies. Technical safeguards require organizations to control access to their computer systems and protect data transmitted over computer networks. These safeguards include access protection, password protection, data integrity verification, and documenting the security process and configuration settings. Voice Documentation in HIPAA Compliance 2

Electronic Medical Records The Security Rule applies explicitly to electronic medical records (EMRs). An EMR is any medical record stored in digital format. These can include treatment records, notes on patient care, images, billing statements, and insurance provider notifications, among others. EMRs have proven significantly more accurate than traditional, handwritten patient notes and other records. They are more legible, as well as more easily stored and retrieved. However, there is a lack of established standards and a low degree of interoperability among EMR systems, and many organizations have been slow to adopt these solutions. Among regulators and patient groups, the benefits of EMR solutions outweigh organizational concerns, and there has been a concerted push to implement EMRs in healthcare organizations for that reason. The rate of adoption has been slow (25 percent of doctors offices as of 2005), but it has been steadily increasing. As a result of patient and industry demand, all healthcare organizations should consider their EMR strategy and how to make it compliant with HIPAA safeguards. Voice Documentation in HIPAA Compliance 3

Voice Documents The benefits to a healthcare organization of converting paper records to electronic formats are well-documented both in terms of operational efficiency and patient care. However, until now no effective solution has existed to apply those same benefits to telephone-based interactions. In a busy medical office, it is exceedingly difficult to create and maintain adequate paper notes on telephone conversations. Writing notes by hand or typing them on a keyboard by necessity leaves out content and creates a high potential for error. Call centers in medical-related fields, such as insurance, have used call recording technology for years to reduce their liability, ensure accuracy and evaluate agent performance. These solutions have been of great benefit in charting call volumes, training agents, resolving disputes and, in general, maintaining efficiency on an organization-wide level. Unfortunately, this top-down approach was not easily portable to employees and staff dealing with day-to-day information and patient interactions in the healthcare office itself. OAISYS offers an organization-wide voice documentation solution that represents a radical shift in both the approach to and execution of how call recording technology can be used by health care providers. With Talkument voice documentation software from OAISYS, medical offices have a complete solution to simply and efficiently document telephone conversations with patients, insurance companies and other healthcare providers. The solution is specifically designed to aid medical practices with improving cash flow, monitoring processes and patient service, and eliminating errors in communication. Tracer, the contact center management software from OAISYS, delivers the same capabilities of Talkument, but with additional advanced features including live call monitor, reports, evaluations, and desktop screen recording capabilities. OAISYS solutions creates a voice document individual users can refer to, play back, and share with other authorized users. They can highlight portions of the call, insert comments for supplemental information, and provide a link to the call to another healthcare provider, billing agent, or facility to ensure patient needs are met. Voice Documentation in HIPAA Compliance 4

How Voice Documentation Works OAISYS voice documentation solutions are deployed via an appliance or server-based delivery model, with hardware and software working in tandem to seamlessly integrate with business telephone systems. The software allows calls to be captured and stored as searchable, playable electronic voice documents. Now, rather than merely inserting notes into a file, the call is documented and stored in its entirety and can be organized into an electronic folder, searched for and retrieved by a combination of any number of search criteria, annotated and shared with those inside and outside the organization via a secure link. Voice Documentation in HIPAA Compliance 5

OAISYS and HIPAA Compliance OAISYS voice documentation solutions can easily and immediately fit into an organization s Security Rule compliance programs. HIPAA-Required Safeguards The table below illustrates components of each of the HIPAA-required safeguards and how OAISYS solutions satisfy them. Administrative Safeguards Procedures must identify employees or classes of employees who will have access to protected information. Access must be restricted only to those employees who need the information to complete their job functions. Covered entities must have a plan for data backup and disaster recovery. OAISYS built-in access controls are easily configured to restrict access to only those individuals who are authorized to access voice documents. Access sharing can be restricted to specific employees or groups. Voice documents safely reside in a central location, which can easily be incorporated into existing backup and disaster recovery protocols. Procedures must detail how to address security breaches should they occur. Physical Safeguards Administrators can log into individual users accounts to review with which users have shared voice documents. Controls must be established to introduce and remove new equipment on the network. Equipment containing healthcare information must have controlled and regularly monitored access and hardware and software access must be limited to authorized users. OAISYS recording platforms interface with the business telephone system, utilizing established parameters without need for revision. As a centralized solution with permissions-based access to content, OAISYS recording systems should meet these criteria. Technical Safeguards Voice document sharing with outside entities is performed through a secure link sent via email, and a record is kept indicating who the document was shared with. As access to email is normally restricted to users logged in via password on a secure network, authentication is achieved. Covered entities are responsible for ensuring data on their systems cannot be changed or erased in unauthorized manners. The ability to permanently delete voice documents must be specifically assigned by an administrator. Voice documents cannot be changed except to add text-based annotations. A covered entity must authenticate with whom it communicates. Voice Documentation in HIPAA Compliance 6

Training and Process Compliance The Security Rule requires that employees be trained in process compliance. Using voice documents, supervisors have an ideal training and monitoring tool that uses an employee s own conversations to point out what is done correctly and where process adherence can potentially be improved. Supervisors with appropriate access permission can conduct spot reviews of voice documents to ensure process compliance. When errors are made, the supervisor can highlight them and include a reminder as a comment. Voice Documentation in HIPAA Compliance 7

Voice Documentation in Action Consider the following scenario. Monica Jones calls her primary care physician s office complaining of fatigue, mood swings, and thirst, and asks to schedule an appointment as she fears she may be becoming diabetic. The technician talks to her and schedules an appointment for the following Monday. After completing the call, the technician puts the voice document in a folder for Ms. Jones. He then brings up the voice document, highlights the portion where Ms. Jones describes her symptoms and shares it with the doctor. In this way, the doctor can review the patient s stated symptoms in advance for the appointment if his schedule permits. After examining her on Monday, the doctor wants Ms. Jones to undergo a glucose tolerance test. Depending on the results, he may or may not refer her to an endocrinologist for further testing. The office manager calls the testing lab and sets up an appointment for Wednesday afternoon. However, when Ms. Jones arrives for her appointment, the lab only has her scheduled for a routine battery of blood work. The scheduler had input the wrong code when talking with the office manager. While still at the lab, Ms. Jones calls the doctor s office to make sure she was in fact supposed to have the glucose tolerance test that day. The office manager puts her on hold, retrieves the voice document of the call to the lab and plays it back. She confirms with Ms. Jones and asks her to wait at the lab while she attempts to resolve the mix up. The office manager then calls the lab and speaks with a supervisor. At first the supervisor is defensive and says the doctor s office must have made a mistake. The doctor s office manager offers to share a link to the voice document that proves the error was on the lab s end. The lab says that if the office manager can prove to his satisfaction that the error was committed by the lab, he will make sure Ms. Jones gets her test that day. The office manager sends a secure, encrypted link to the lab supervisor s email address. He plays the conversation back, realizes it was his staff member who scheduled the wrong test, and gets Ms. Jones started with the correct test right away. Using OAISYS voice documentation functionality to share patient information in a manner completely compliant with HIPAA regulations, the doctor s office has turned what could have been a delay of several days into a minor inconvenience. Voice Documentation in HIPAA Compliance 8

Conclusion OAISYS Tracer and Talkument software solutions ensure conversations between patients, healthcare providers, insurers, and others related to their care are preserved with 100 percent accuracy and complete collaborative ability among authorized users. Voice documents themselves never leave the central location on which they are stored, and access links to the voice documents are securely transmitted between authorized parties only. The HIPAA Security Rule requirements place stringent controls on how EMRs can be stored and shared. OAISYS voice documentation solutions satisfy these regulatory concerns while improving patient care and bridging potential gaps in recordkeeping. OAISYS solutions can be added to any healthcare organization regardless of where they may be in their transition to an EMR system, as they function separately and parallel to whatever text and image-based solution an organization may ultimately employ. Voice Documentation in HIPAA Compliance 9

About OAISYS OAISYS is a leading developer of call recording and contact center management solutions for a wide range of organizations, from small-to-medium sized businesses to multi-site large enterprises. The OAISYS voice documentation and interaction management solutions help companies within a variety of industries attract and retain customers by digitally capturing phone-based interactions for simple retrieval, playback and management. Compatible with leading business communications systems, OAISYS Tracer and Talkument applications help companies improve risk management, quality assurance, customer retention, dispute resolution, regulatory compliance and other critical business concerns. OAISYS is headquartered in Tempe, Arizona, and OAISYS Limited is located in Cambridge, England. To learn more about OAISYS, Tracer and Talkument, please visit our website at www.oaisys.com. To schedule a live demonstration, please email se@oaisys.com or call us at 888.496.9040. To find a reseller near you, go to www.oaisys.com; click Support, then Reseller Locator. Follow us on: Voice Documentation in HIPAA Compliance 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information