HIPAA Compliance

Document Management System For HIPAA Compliance

What is HIPAA compliance?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. A major goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care.

Who is Covered by the Security Rule?

The Security Rule applies to health plans, health care clearinghouses, and any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the covered entities), and to their business associates.

What Information is Protected under the Security Rule?

The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI), which for the purposes of the Security Rule is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule does not apply to PHI transmitted orally or in writing.


What is the LuitBiz DMS document management system, and how can it help with HIPAA compliance?

A document management system stores, retrieves, manages and tracks electronic documents and electronic images of scanned paper-based information, tracks each document's lifecycle and audit trail, and ensures timely approval of documents via automated document workflows. Document management software ultimately controls and organizes documents throughout an organization.

Prior to HIPAA, no generally accepted set of security standards or general requirements for protecting health information existed in the health care industry. At the same time, new technologies were evolving, and the health care industry began to move away from paper processes and rely more heavily on the use of electronic information systems to pay claims, answer eligibility questions, provide health information and conduct a host of other administrative and clinically based functions.

Does your organization require a document management system to be HIPAA compliant? Let's start by asking you the following questions about how you currently protect the privacy of individuals' health information:

  1. Do you have controlled access to individual health records?
  2. Are the electronic health records in encrypted format so that only authorized personnel can access them?
  3. Are all the health records in a centralized location for easy retrieval?
  4. Once you track a health record, are you sure you've got it all, meaning all the information pertaining to the record?
  5. Do you know how many copies and versions of that health record exist in different locations, and who has access to them?
  6. Under your current system, could sensitive health records get into the wrong hands and result in data leakage?
  7. Are you easily at risk of a security breach?
  8. Do you know who has performed what operation on a health record and when?
  9. Are all the records properly backed up and do you have a disaster recovery system in place?

If your answers to questions (1), (2), (3), (4), (5), (7), (8) and (9) are "NO" and your answer to question (6) is "MAYBE", you definitely need a document management system to manage your health records and ensure HIPAA compliance.

If you do not manage your records now, you run the risk of paying huge fines for non-compliance.

LuitBiz DMS Document Management System can help you comply with the parts of HIPAA that pertain to document and records management. Let's take a look at some of the key elements of the HIPAA regulations and how LuitBiz DMS addresses them:

Section: §164.306(a)(1) Standard: Access control
What it means: Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4).
How LuitBiz DMS helps: LuitBiz DMS provides role-based account access and security that ensures that only those individuals with proper authorization can access certain kinds of sensitive information.

Section: §164.306(2)(i) Unique user identification
What it means: Assign a unique name and/or number for identifying and tracking user identity.
How LuitBiz DMS helps: The user ID and password administration capabilities of LuitBiz DMS ensure that all users are uniquely identified and that their passwords are sufficiently secure and periodically changed.

Section: §164.306(2)(iii) Automatic logoff
What it means: Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
How LuitBiz DMS helps: The automatic log-off capabilities of LuitBiz DMS secure your sensitive data in case someone leaves a workstation unattended.

Section: §164.306(2)(iv) Encryption and decryption
What it means: Implement a mechanism to encrypt and decrypt electronic protected health information.
How LuitBiz DMS helps: All documents stored in LuitBiz DMS are encrypted for enhanced security and decrypted only while the documents are rendered in the software.

Section: §164.306(b) Standard: Audit controls
What it means: Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
How LuitBiz DMS helps: LuitBiz DMS provides a complete audit trail of who has accessed the records, when, and what activities have been carried out on them.

Section: §164.306(c)(2) Implementation specification: Mechanism to authenticate electronic protected health information
What it means: Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
How LuitBiz DMS helps: LuitBiz DMS requires users to enter two passwords to approve any type of document collaboration. The first password is the login password and the second is an approval password.

Section: §164.306(e)(1) Standard: Transmission security
What it means: Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
How LuitBiz DMS helps: LuitBiz DMS provides document transmission security features so that only persons with the correct access rights are able to view the secured health records.

Section: §164.306(e)(2)(i) Integrity controls
What it means: Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.
How LuitBiz DMS helps: LuitBiz DMS gives document group leaders complete control to oversee document modification. The document lifecycle management feature of LuitBiz DMS ensures that proper procedures are followed before a document reaches its end of life and is deleted from the system.
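As an added illustration of the audit-control and integrity rows above (this is example code written for this page, not LuitBiz DMS code or a description of how that product is built), the following Python sketch shows one way a document management system can record who did what to which record and when, and corroborate that a record has not been altered: every action is appended to a hash-chained audit trail carrying the unique user id, a timestamp, and a SHA-256 hash of the document content, so both an unauthorized change to a record and tampering with the trail itself are detectable. The document contents and user ids are constructed samples.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample standing in for an electronic health record (not real PHI).
DOCUMENTS = {
    "rec-1001": b"Patient: J. Doe; Visit: 2024-03-01; Notes: follow-up in 6 weeks",
}

GENESIS = "0" * 64  # prev_hash of the first entry


def content_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class AuditTrail:
    """Append-only, hash-chained record of user actions on documents."""

    def __init__(self):
        self.entries = []

    def record(self, user_id: str, action: str, doc_id: str, content: bytes) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {
            "user_id": user_id,      # unique user identification
            "action": action,        # e.g. "create", "view", "update"
            "doc_id": doc_id,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "content_hash": content_hash(content),  # state of the record at this action
            "prev_hash": prev,       # links this entry to the one before it
        }
        payload = json.dumps(entry, sort_keys=True).encode()
        entry["entry_hash"] = hashlib.sha256(prev.encode() + payload).hexdigest()
        self.entries.append(entry)
        return entry

    def verify_chain(self) -> bool:
        """False if any entry was edited, removed or reordered after being written."""
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            payload = json.dumps(body, sort_keys=True).encode()
            expected = hashlib.sha256(prev.encode() + payload).hexdigest()
            if e["prev_hash"] != prev or not hmac.compare_digest(expected, e["entry_hash"]):
                return False
            prev = e["entry_hash"]
        return True

    def document_unaltered(self, doc_id: str, current: bytes) -> bool:
        """Compare the stored record against the hash logged at its last modification."""
        mods = [e for e in self.entries if e["doc_id"] == doc_id and e["action"] != "view"]
        return bool(mods) and hmac.compare_digest(mods[-1]["content_hash"], content_hash(current))
```

In a real deployment the trail would be written to storage the application users cannot modify and the chain head would be anchored externally (for example, signed and kept off-box), otherwise whoever can rewrite the log can also recompute the hashes.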