A few things to ponder when assessing whether not your non-interfaced data is HIPAA compliant:
Is a fax of a patient’s lab results
sitting at a nurse’s station safe?
Hopefully, yes, but in reality, no...
Any “paper” lying around in a healthcare organization poses the risk of being misplaced or inadvertently made accessible to someone who should not see it. Why is it likely there then? Your staff wants the information that’s on it.
What’s another solution? Don’t print the fax off, but rather use intelligent clinical data extraction and document classification software to automatically route it to the patient’s record in the EMR so that people can access it there instead. This does not mean waiting days for it to be uploaded by someone, most organizations using this software today have priority documents in the EMR within 1 hour and a couple of hours for less urgent documents. By the way, they are also getting the valuable discrete data (i.e. the actual lab results) into the fields of the EMR at the same time so that you don’t even need to refer to that document anyway.
Is walking a document or sending it via
“interoffice” mail to the Medical Records/
HIM department HIPAA compliant?
Hopefully, yes, but in reality, no...
Moving paper from one department to another runs the same risks mentioned above in terms of it being misplaced, dropped, etc. Again, why do it, when you can have the document flow via your secure network protocols to that same department or even directly to the EMR via intelligent clinical document classification?
Is storing eFaxes or scanned documents
in a network folder HIPAA compliant?
Hopefully yes, but it depends...
Is the folder secure? Can you tell you who accessed it? Do you know where the files are being moved to from that folder when they are removed? Without an audit trail or built in security protocols, it’s hard to ensure that HIPAA regulations are being met. Another benefit of an intelligent clinical document classification is that every movement and touch of the document is tracked and reported until it arrives at its final storage area in the patient record of the EMR or a secure archiving system.
In Summary...
Admittedly, our FAQ is a bit simplistic for the true complexity of HIPAA compliance requirements, but our intention is simple. If you can see the ease in which you can automate the handling and movement of non-interfaced data in your organization, you will begin to realize the improvements you can make that will not only help you to achieve HIPAA compliance, but relieve your staff of the unnecessary burden of manually handling these documents and let them concentrate more on your patients.
Did this just get really confusing? Check out this video where we break it down...
