Complying with HIPAA, HITECH and mHealth Mandates

Visit Axway at HIMSS Booth #5757

Complying with HIPAA, HITECH, and mobile health mandates: Four items to address

By Ruby Raley, Director, Healthcare Solutions, Axway
Twitter:  @axway

Compliance is a serious issue for any enterprise — no matter its industry — but in healthcare, where penalties for non-compliance can now carry a fine of up to $1.5 million per violation, it can be downright daunting.

But it doesn’t have to be. By addressing the following key items, your enterprise can avoid compliance risks, minimize the threat of a breach, and take control of all of your data.

1. Managing identities in one place

Originally, the select few in-the-field caregivers who wanted to use mobile devices (e.g., iPads) simply obtained new IDs from their IT department and logged on to VPNs. Before long, many in-the-field caregivers had obtained new IDs, thanks to the rise of telepresence, BYOD, and patient portals. Properly managing these identities — a requirement of the HITECH Act — became a significant challenge for the enterprise.

To comply with the requirement, reduce your enterprise’s identity-management effort, and offer a consistent user interface, be sure to manage your users’ IDs with a single organizational tool. Users should be able to log in with one ID via a mobile device, a patient portal, telepresence, or a regular enterprise connection, yet still maintain their rights and roles.

2. Exchanging ad hoc information

To satisfy Meaningful Use Stage 2, you must enable patients, specialists, and others to view, download, and transmit health records at will. When the enterprise fails to allow these ad hoc exchanges, users turn to unsecured cloud-based file-sharing sites like Dropbox to accommodate requests for information, and the enterprise’s edge becomes prone to data breaches and malware. Make the prospect of using Dropbox a less convenient — and therefore less preferred — method for everyone by making secure ad hoc exchanges effortless.

3. Using the right channels

Organizational imperatives like CAQH Core Operating Rules challenge the enterprise to move all systems to real-time — even back-office revenue cycle management tools. Can your enterprise support collaborative conversations when obtaining physician credentials, patient identification, and records from organizations it’s never done business with? Can you manage not only real-time communications but regular communications with your health plans, providers, and others?

Strive to align your information channels with the appropriate encrypted channels, whether real-time or batch. You’ll enhance efficiency; your IT department will become leaner; and your speed for resolving claims will increase, which will positively affect your cash flow.

4. Walking the talk

Does the way you run your network respect HIPAA and regulatory policies?

If you provision network connectivity to your standards, it does! Take control of how partners request connections. Develop a policy approach for what data needs to move, which connection it needs to use, and who has access to that connection. Then, monitor that access with a visibility tool and keep searchable audit logs. This way, in the event of a data-breach investigation, you can prove to auditors that policy was followed, that there was no neglect, and perhaps even that — if it was an encrypted channel — there was no breach.

HIMSS13 promises to be a veritable summit of healthcare IT authorities, so be sure to watch for sessions that may offer additional strategies for addressing these four items. You may find yourself returning home with a more efficient solution that eliminates security risks while saving you time and money. Visit Axway at Booth #5757 during the show.

To learn more about using risk assessments to improve security and productivity in clinical record exchange and plan for Meaningful Use Stage 2 requirements, please download the on-demand Webinar, “Securing IT Infrastructure”:

Ruby Raley is Director of Healthcare Solutions at Axway. With over 20 years of experience, Raley collaborates with prospects and customers to develop value-added solutions for healthcare and life sciences.  She enables pharmaceutical manufacturers, distributors, healthcare providers, healthcare exchanges, and health plans to meet regulatory requirements while strengthening their IT infrastructure.