White Paper: Achieving Regulatory Compliance with FaceTime IMAuditor^™

Regulatory Compliance in Healthcare

The Health Insurance Portability and Accounting Liability Act of 1996 (HIPAA) was enacted on August 21, 1996 to reform the insurance market and simplify health care administrative processes. The administrative simplification part of HIPAA is aimed at reducing administrative costs and burdens in the health care industry by adopting and requiring the use of standardized electronic transmissions of administrative and financial data. HIPAA requires the U.S. Department of Health and Human Services ("DHSS") to adopt national, uniform standards for the electronic transmission of certain health information.

HIPAA is intended to lower administrative costs, enhance the accuracy of data and reports, increase patient satisfaction, thereby improving access to health care and improving cash management throughout the entire chain.

The administrative simplification is a method of making business practices (billing, claims, computer systems, and communication) uniform in order that providers and payers do not have to modify the way in which they interact with each other through other proprietary systems. HIPAA is intended to reduce the number of forms and methods of completing claims, other payments and related documents, and to use a universal identifier for providers of health care. Another goal is to increase the efficiency and use of computer-to-computer methods of exchanging standard protected health care information.

Among the administrative simplifications addressed by HIPAA are Privacy and Security. Privacy standards define appropriate and inappropriate disclosures of individually identifiable protected health information and how patient rights are to be protected. Security standards for all health plans, clearing houses, and providers proscribe all stages of transmission and storage of health care information to ensure integrity and confidentiality of the records at all phases of the process (before, during, and after electronic transmission).

An example of a privacy violation or security breach is any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

Today, more and more health care providers, plans, and others are utilizing electronic means of storing and transmitting health information.

The use of electronic information has also helped to speed-up the delivery of effective care and the processing of claims. Greater use of electronic data has also increased our ability to identify and treat those who are at risk for disease, conduct vital research, detect fraud and abuse, improve productivity, deter inappropriate behavior at the workplace, protect proprietary information and intellectual property and measure and improve the quality of care delivered.

While the ease of information transmission affords many benefits to individuals and to the health care industry, the electronic information that is transmitted and stored is transforming the manner in which health information is recorded, in that disclosure of information may require only a push of a button. In a matter of seconds or in real-time via instant messaging, a person's most profoundly private information can be shared with other individuals and organizations.

The Final Rule of the Health Insurance Reform is focused on the content of the information transmitted and stored, as opposed to the medium of electronic communication (such as e-mail or instant messaging). According to the preamble to Final Rule, the implementation of privacy and security compliance will reduce the potential overall cost of risk to a greater extent than additional controls will increase costs. Put another way, the potential cost of not reasonably addressing privacy and security risks could substantially exceed the costs of compliance.

IM is a robust medical tool for the health care industry in the 21st century. The opportunity to utilize the technology of real-time electronic communications in every step of the delivery of health care services to patients can improve efficiencies, improve the speed at which medical information is processed, and, in turn, improve the overall health care experience for the patient and medical provider alike. At the same time, the use of IM presents challenges. These challenges are centered around protecting the privacy of communications between a patient and a medical provider and managing the information transmitted and stored in a manner that encourages the utilization of IM by covered entities. Based on the analysis found in the Final Rule issued by the DHSS as it relates to the recognition that "electronic messages" are an important and relevant part of the overall health care process, it is not unreasonable to logically consider IM as another form of electronic media that is subject to the requirements of HIPAA.

The goal now is for technologists and covered entities to determine how best to apply IM in the health care arena in order to improve the well being of patients while maximizing efficiencies in the delivery of health care to all.