By Zachary Price
OVERVIEW
Operating a medical practice is assiduous work requiring greatattention to detail on a variety of fronts. Patient privacy hasalways Been an important concept in the medical profession. Newlaws are taking this notion a step further, making it mandatoryfor medical facilities to protect individually identifiablehealth information. Government regulations such as the HealthInsurance Portability and Accountability Act (HIPAA) and othersstipulate the how your digital records containing sensitivepatient information should be kept secure, but caring for yourpatient's privacy is just good business.
One of the most time and labor consuming tasks in maintaining anelectronic medical record is importing non-digital patientinformation such as radiology reports, hospital dictation andconsultation/referral letters is an extremely time and laborconsuming task in maintaining an electronic medical record. Thisis unfortunate because most of this information is already indigital format at the sender's location but printed to paper fortransit. Transmitting digital information securely, however, canbe problematic at best. Simply emailing a document to anintended recipient would potentially violate a patient's privacysince the mail could be intercepted in transit or read byunauthorized persons on the destination email server before itis downloaded. Also, it would be impossible to tell whether ornot the document was tampered with or was sent by someoneelectronically pretending to be someone else. For example, topromote office efficiency, medical offices that want to allowphysicians to provide electronic mail as a means to transmitinformation are forced to have an "email disclaimer" that cannot guarantee the privacy of information contained in an email.The information may be confidential and subject to protectionunder the law, but the fact remains that no real protection isprovided as a preventative for security breach of yourinformation.
Whether you are a healthcare provider, payer or pharmaceuticalcompany you have electronic information that must be protected.Essential Taceo virtually eliminates the costs associated withsafeguarding Protected Health Information (PHI). With Taceo youare now free to email medical advice to your patients, sendprescription requests to the smallest of pharmacies and safelydeliver patient records to referral doctors.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA)of 1996 was designed to create a new national standard forprotecting the privacy of patient's health information. HIPAAalso focused on improving the efficiency and effectiveness ofthe Healthcare system, by encouraging the development andadoption of Electronic Data Interchange (EDI) between healthcareproviders, payers and pharmaceutical organizations. HIPAA alsostipulates the strict requirement for organizations to establishsafeguards to protect the integrity and confidentiality of anindividual's Protected Health Information (PHI). HIPAA appliesto individual healthcare providers, health plans, and healthcareinsurance providers. The law also pertains to organizations thatdeal with the electronic PHI of customers, employers andpatients. Civil and criminal penalties can result fromnoncompliance and security violations.
PENALTIES FOR HIPAA VIOLATIONS
HIPAA calls for civil and criminal penalties for security andprivacy breaches. General failure to comply is $100 per penalty;violations of an identical requirement may not exceed $25,000per year. For example: it would be considered a violation toemail claim or file with identifiable patient information thatis not encrypted. Even though one requirement may not exceed$25,000, HIPAA has more than 15 named security standards, whichif repeatedly violated could quickly grow to more than $375,000.More severe criminal penalties also apply to more flagrant HIPAAviolations. Wrongful disclosure of PHI can result in a $50,000penalty and up to one year in prison. Offense with intent tosell of misuse patients protected health information ispunishable with a maximum $250,000 fine and/or 10 yearsImprisonment.
TACEO: HELPING TO NAVIGATE THE HIPAA MINEFIELD - COMMON HIPAASCENARIOS AND TACEO
Medical office wishes to refer and identifiable PHI to anotherhealthcare provider.
A primary care physician examines an individual and determinesthat he would like to send the patient to another provider forfurther diagnosis or treatment. The physician then asks his/herassistant to assemble and email the patient's history andphysical (H&P), imaging reports, labs, progress notes, etc. tothe off-site healthcare provider for review. Unfortunately, thephysician and his assistant are in now violation of HIPAAregulations.
Unprotected email is like sending a post-card throughcyber-space. While transiting it's routed through multipleservers, an email containing patient PHI can be easily read bypeople other than the designated recipient (the off-siteprovider). Furthermore, the patient's records, because of anaccidental keystroke, could be unintentionally misdirected to anunknown party, thereby increasing the severity of the securitybreach. The physician's assistant could have used Taceo toprotect the email and attachments. With the quick click of abutton the worker could have prohibited the patient records frombeing printed, forwarded and edited. The outgoing documentswould be encrypted and un-accessible to anyone besides theintended recipient healthcare provider. (Even if the receivinghealthcare provider is not fully set-up to work with electronicpatient healthcare information, they can still securely viewpatient records without violating patient confidentiality.)
On-line Pharmaceutical Provider
A pharmaceutical provider fills prescriptions via on-lineordering, but cannot meet HIPAA secure transmission requirementsfor emailing regarding prescriptions and medications, orderconfirmation, and other information to their patients. Theorganization could resort to analog methods such as calling eachindividual customer or sending information to the customers viastandard post, however these methods are very inefficient andcost prohibitive. To meet HIPAA regulations the on-lineprescription provider must shoulder the burden of hiring andtraining a number of new employees at great cost. What is theon-line pharmacy to do?
With Taceo, the pharmaceutical provider can securely sendprescription information, order confirmations and more to theirclientele. The confidentiality and integrity of emailscontaining protected health information (PHI) is enforced andmaintained even after delivery. Nearly any customer with a PC1can easily download the free version of Taceo, enabling themreceive and reply protected email.
Taceo's usage permissions interface provides the company with aneffective way to assign flexible rights management controlsbased on the profile of the client. Emails Containingprescription information can be set to expire when no longervalid.
Healthcare giver wishes to provide individual patients medicaladvice via email
To provide added value, a healthcare provider wishes toestablish an easy and affordable way to give their patientsmedical advice over the web. The provider must have the abilityto send and receive protected medical advice from work or homeand cannot afford the installation, maintenance and expensivelicensing fees associated with available server-based solutions.Furthermore, the caregiver's patients are largely non-technicaland will not bother with cumbersome key exchange, s/mime andother requirements commonly associated with widely availableencryption technologies.
Additionally, encryption software does not protect content afterit has been delivered. Once opened, the patient's identifiablemedical information is totally exposed; email can beaccidentally forwarded, laptops and PCs can be lost or sold withPHI remaining on the hard-drive, patient info could be leakedvia virus, spy-ware or Trojan worm. Unauthorized individualsgain access and doctor-patient confidentiality is breached. Thecaregiver must be able to ensure that received documents remainencrypted and can be deleted from the patient's computer after agiven time. How can the healthcare provider utilize the power ofemail to give medical advice while keeping sensitive patientdata secure?
Taceo helps healthcare professionals meet HIPAA requirements forthe secure storage, transmission and delivery of identifiablepatient information. Taceo makes the sending and receiving ofsecured email and documents quick and easy. From the desktop orMS Outlook®, providers can encrypt and apply usage permissionsto control and prevent actions as forwarding, cut/copy/paste,printing and disabling the Print Screen key. Email and documentscan also be set to "expire" and will become unreadable at agiven time and date.
Taceo is by no means a comprehensiven overall HIPAA securitysolution, however if used properly can help your business toinexpensively meet most of the critical rules.
TACEO FEATURES AND BENEFITS
. Protect EPHI from theft, misdirection and unauthorizeddistribution. . Allows primary care providers and specialists toinstantly and securely share patient records with little cost. .Enables patients to easily access and securely reply toprotected emails containing medical advice, prescriptioninformation and more from their home or work computers. . Givesoff-site providers an easy method to access and reply to secureemail sent across disparate computing environments . Affordablesecurity beyond the office firewall. Taceo can ensure the properuse and protection of EPHI no matter where it travels or whereit's stored. . Helps ensure authenticity of EPHI with digitalsignatures. . Improve productivity by using the web to instantly& securely share sensitive data. . Taceo offers an affordableway to securely store sensitive information on site. . Preventunauthorized access to your documents. . Prevent unauthorizeddistribution (no forwarding) . Prevent document editing (no cut,copy, paste) . Set expiration time/date on email & documents. .Ensures confidentiality and privacy. . Securely and permanentlydelete files to Department of Defense standards (DOD 5220.22-M).. Patients can download Taceo for free. . Meet regulatorycompliance requirements for privacy - HIPAA, PIPEDA, 21 CFR Part11, Sarbanes-Oxley
REDUCING YOUR VULNERABILIIES
No security software in the world is 100% unbreakable, even themost advanced digital encryption techniques can be broken orcircumvented by some person or organization with enoughmotivation, time and money. Taceo does not totally negate therisk of information leakage, for example a malicious individualcould take a digital photo of the screen or re-type the contentinto another document and distribute it. However, Taceoconsiderably reduces the risk that sensitive data can bedisseminated to unauthorized individuals or groups. TaceoSafeguards remain with the data no matter where it travels orwhere it's stored. Even if a CD or USB thumb-drive containingprotected data is stolen, the information contained therein willremain encrypted and cannot be opened by unauthorized recipients.
THE ANALOGUE TO DIGITAL MIGRATION
Although it's often difficult to make the initial switch tousing digital patient records, the cost savings can be profound,especially when amortized over a number of years. Benefitsinclude better accuracy in health records, less time spenttranscribing patient notes, filling prescriptions and receivingquicker payment from insurance companies. For the most part manyhealthcare practitioners have been slow to adopt digital medicalrecords, as of April 2005 only 16.4% of doctors in the UnitedStates had made the switch. Reasons most often cited for theslow adoption has been the costs in time and money. Fear ofcomplicated regulations also slow the transition; once recordsare in the digital realm HIPAA standards must be strictlyadhered.
Although the task appears daunting, individual and smallermedical practices can cost-effectively make the digitaltransition with largely low cost, off-the-shelf components.
Taceo, from Essential Security Software should be an integralpart of any digital migration plan. Taceo can help your officesecure the storage and transmission of PHI. Because Taceo can beused on almost any PC, it can be used to "bridge the gap" withoffices of other healthcare providers that have not yet made theswitch to digital records. Whether digital or analog, allorganizations that deal with patient medical information aresubject to HIPAA ordinances.
SUMMARY
Any healthcare provider or organization that works with patienthealthcare data is at risk for losing control of thisinformation. Unprotected electronic files containing sensitivedata can easily be accessed, altered, stolen and re-distributedto unauthorized parties. Electronic protected health information(EPHI) is subject to stringent HIPAA regulations; penalties forviolation of HIPAA rules can result in stiff fines and jailtime. Loss of EPHI can place healthcare organizations at greatfinancial and legal risk.
Taceo, from Essential Security Software can help small tomid-size healthcare providers mitigate these risks. Taceo canalso help organizations meet HIPAA requirements for the securetransmission, access and integrity of EPHI. Taceo is effective,affordable and easy-to-use software that enables healthcareproviders to securely store, transmit and receive sensitivedata. Taceo can encrypt and help control access to almost anyfile. Protected email and documents are safeguarded againstunauthorized forwarding, editing, coping, and printing or screencapture. Taceo opens up a new realm of possibilities neveravailable before with such ease and affordability. Healthcareproviders can securely email medical information to theirpatients. Pharmacies can use Taceo to send prescription orderinformation to doctors and customers alike.
Caregivers can quickly and securely collaborate with off-sitespecialists thereby ensuring patients receive good treatment andmuch more.
System Requirements . Microsoft Windows 2000/XP/2003 or newer .Microsoft .Net framework installed (if you don't have this Taceowill install it for you) . Internet access. . 15 MB of availablehard-drive space
Visit www.essentialsecurity.com
Article Source: www.ArticlesBase.com
