X-Ray Film Scanners and Digitizers, X-Ray Film Scanning Services and Software
HIPAA Compliance, Scanning and EMRs
Posted Dec-8-2014
The Health Insurance Portability and Accountability Act, also known as HIPAA, not only regulates health insurance coverage when employees leave their current place of employment; it also stipulates the quality, security, and privacy standards for electronic medical records. There are two important facets to HIPAA when talking about EMR:
- The Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information. It requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization;
- The HIPAA Security Rule addresses the privacy protection of electronic protected health information (PHI); and, similar to the Privacy Rule, the Security Rule deals with identifiable health information as defined by 18 specific HIPAA identifiers. The Security Rule defines standards, procedures and methods for protecting electronic PHI with attention to how PHI is stored, accessed, transmitted, and audited.
These HIPAA requirements were established to protect patients from improper handling of their protected health information. The requirements also ensure that efficient data sharing is available for enhanced patient safety and care. Another purpose of the rules is to ensure that patients’ data does not get mixed up. When used properly, electronic medical records can ensure a health care provider stays in compliance.
If you’re implementing an Electronic Medical Records (EMR) System and you need medical records or x-ray film scanned for incorporation into your EMR, it’s important that you know what HIPAA requirements must be met when you select a scanning service to do the work for you.
What businesses must comply with HIPAA laws?
Any healthcare entity that electronically processes, stores, transmits, or receives medical records, claims or remittances. The keyword here is electronic. This means that if you use a scanning service to outsource your medical records and x-ray scanning, then that service must comply with HIPAA laws.
What is Protected Health Information (PHI)?
Information collected from an individual by a covered entity that relates to the past, present or future health or condition of an individual and that either identifies the individual or that the information can be used to identify the individual must be protected. This means that the scanning service bureau must have procedures in place to protect all identifying health information on any records that they scan.
Scanning Bureau HIPAA Compliance
When you’re choosing a scanning service bureau, HIPAA compliance may mean procedures such as having a private, locked area where patient health records are stored and scanned. In addition, security of the medical records and images may require administrative safeguards, such as a HIPAA security compliance person who oversees the scanning of documents; physical safeguards such as protection of electronic systems, equipment and data; and technical safeguards such as authentication & encryption used to control data access.
All employees who scan the medical records must have a training session which discusses HIPAA compliance and privacy standards.
The HIPAA enforcement rule took effect in 2006. This HIPAA rule creates civil punishment criteria for any health care provider violations of the “Administrative Simplification” rules. Prior to this rule’s creation, civil and criminal penalties were imposed only on health care providers who weren’t in compliance with just the privacy rule. This rule opened the door for punishment on any violation of these rules. This rule also outlines the standard procedures for any necessary investigations, the factors used to determine the penalty, and the procedures necessary to appeal a ruling.