Rincon India Solutions Pvt. Ltd.

Tag: Medical Records

  • Reblog: Going Beyond HIPAA: 5 HIPAA-Related Pitfalls And How To Avoid Them

    The Health Insurance Portability and Accountability Act (HIPAA) is a very complicated compliance standard to tackle. There are strict privacy requirements surrounding the handling of patient medical and personally identifiable information, but how these requirements are met is left largely up to the individual healthcare organizations. Add HIPAA’s requirements for portability and accessibility to the fact a given healthcare organization’s electronic medical records (EMR/EHR) system may not be able to directly communicate with another organization’s and exchanging protected information can get complicated.

    The complicated process of exchanging protected health information (PHI) opens the door to accidental HIPAA violations, and potentially worse, a full-scale data breach. To help, here are 5 common HIPAA pitfalls to avoid while you navigate the path to compliance:

    Insurance Claims Denial

    Every organization that needs to comply with HIPAA should be keenly aware of the costs of a data breach, but what happens if a violation or breach happens anyway?

    Organizations typically have some kind of insurance policy to protect against damages from HIPAA violations or data breaches, but it is not uncommon for them to have their claim denied over improperly filled out applications, a failure to maintain adequate security, or otherwise not meeting the requirements placed by the insurance company.

    Insurance providers may have security requirements that go beyond what is required by HIPAA. It is important for organizations to meet these requirements not only to ensure their insurance policy is valid in the event of a breach but because they can often help an organization shore up its security, helping to avoid a breach or violation in the first place.

    Lawsuits and Legal Expenses

    The annual cost of a Data Breach Report 2019 from IBM Security and the Ponemon Institute indicates one of the biggest expenses related to a data breach isn’t the fines from the violation itself, rather the “post-data breach response.” That is, everything related to helping customers affected by a breach, as well as costs associated with redressing the situation, paying reparations, and dealing with any legal fallout from partners.

    What this means is that while complying with requirements laid out by HIPAA and insurance policies is essential, it is also vital to ensure your organization complies with every other relevant law, standard, business associate agreement, or even contractual obligation. Considerations even extend to things like PCI DSS compliance if a given healthcare organization accepts or handles credit card payments, satisfying state laws for protecting patient and employee information, and ensuring the organization and its employees meet professional licensing requirements.

    There are multiple reasons for this. Not only does compliance with many of these requirements help bolster your organization’s security posture, but it also helps to ensure any available legal protections are applicable and works to mitigate liability if a HIPAA violation does occur. This in turn can help reduce the overall cost of the post data breach response.

    For example, if an organization contracted to handle payment processing for a major hospital suffers a data breach resulting in a HIPAA violation, the hospital may hold them responsible for damages if the payment processor failed to meet PCI DSS compliance, regardless if they were meeting the requirements for HIPAA compliance. On top of this, the payment processor may see their insurance claim denied over failing to maintain PCI DSS compliance.

    Hardware and Software Misconfiguration

    Setting up an IT environment is complicated in the first place. Add in HIPAA compliance requirements, contractual and insurance obligations, and meeting other applicable standards and legal requirements like the ones mentioned above, and it’s a recipe for confusion. Confusion, in turn, leads to mistakes.

    A best practice for mitigating this confusion is to identify all of the requirements for your IT environment, both in regard to the functions it needs to perform and the legal and security requirements it needs to meet. From there, generate a thorough checklist for every individual piece of hardware and software that needs to be implemented, being sure to include things like proper environment architectures, app security policies, and even steps for testing to ensure the environment and all of its components are functioning as intended.

    Falling Out of Compliance

    Basic logging and monitoring is a requirement of HIPAA, however, modern monitoring solutions can do more than meet HIPAA requirements. Many of these solutions can not only deliver valuable insights into usage trends in your IT environment, but many are capable of proactively identifying security risks. These risks can include misconfigurations, suspicious network activity, and applications or hardware that have fallen out of compliance or need a software update.

    Further, in the event of an audit or incident, a quality logging solution can help provide clear insight into user and environment activity. Detailed logs can help rapidly address the requirements of a compliance audit as well as in identifying the source of a data breach if one occurs.

    Insufficient Auditing

    An organization leveraging a quality logging and monitoring solution should not stop there, however. While it may deliver meaningful and actionable insights into your environment’s activity, audits remain the best way to assure ongoing compliance. Organizations may leverage internal compliance assessment teams and monitoring solutions, however, it is possible for organizations to erroneously believe they are compliant when they are not. As such, it remains a best practice to leverage an expert third party to conduct compliance and security audits, including for HIPAA.

    Every time a new piece of hardware or software is implemented, one of the last steps on the implementation checklist should be to audit the entire IT environment before making it live. An audit serves as a final check to ensure applications and hardware are properly configured, the environment is architected in the most efficient way. An audit can also check to ensure that the organization is in fact meeting all of the requirements and criteria for HIPAA and any other applicable legal requirements and security policies like those noted above. The audit can also check to ensure that security policies, procedures for implementing the policies, and evidence they’ve been implemented have been properly documented and that those policies have been updated as appropriate.

    If security gaps or any other issues are identified in this audit, the organization will then have a chance to remediate these issues before the environment goes live and the issues actualize into real problems. Organizations should leverage both regularly scheduled as well as random audits to help avoid any undetected error or issue that could result in a breach or falling out of compliance. Additionally, in the event of a breach or HIPAA violation, regular audits may help mitigate claims that a given organization was negligent in their security practices.

    The original article can be found here.

    For more information e-mail us at sales@rincon.co.in and we will be glad to assist you.

  • Reblog: Ahmedabad Civil Hospital Embraces Digitisation

    Medical Records are now easier to retrieve for patients and doctors due to digital entry and filing of documents

    The Ahmedabad Civil Hospital has started digitising its records and has instituted a modern system of physical filing of records for the first time since digitisation came of age and years after Prime Minister Narendra Modi launched the Digital India campaign.

    However, the hospital claims it is far ahead of other hospitals in state and that its data is linked to other government hospitals as well.

    The new system will make it easy for patients to gain access to records, for doctors to study medical history and police to get information in medico-legal cases.

    With the new Hospital Information System, digital records are interlinked to physical filing, divided by bundles, shelves and racks at the micro level to ensure it is retrieved as a moment’s notice.

    The system that is operational since past two months ends the dependence on trusted peons and keepers of archives who until now were the only ones who could find a file.

    With over 10,00,000 files accumulated in past decade, locating a file from the archives was a nightmare for patients and doctors in the absence of these men. Civil Hospital sees 3,000 patients a day with 250-300 new cases being registered daily.

    At present the hospital has three scanners but talks are under way to get two more so that digitization can keep pace with number of cases.

    Medical Record Officer (MRO) of Civil Hospital Dr. Sanjay Solanki said, “There are two phases to this operation. One is to digitize new cases and we have begun doing so for two months. We can now access any document with the click of a button. The second phase is to digitize earlier documents which will take time.”

    Dr. Rajnish Patel of the General Surgery Department said, “It is wishful thinking that this will fall in place immediately. It is still quite an effort to get patient records, but it will get better with time.”

    Superintendent Dr. M M Prabhakar said, “Our Hospital Information System is at least five years ahead of other hospitals. We have connected our system to other government hospitals so our data is available to all. The digitisation of our archives will take some time, but it will happen.”

    Meanwhile, for those entrusted to maintain records for years, it is a big turnaround.

    Ashok Nagpure, (59), an old-timer who has for decades handled the medical records is one of the two to be trusted to locate a file within half an hour in case of emergencies. It is a gargantuan task given that there are two large halls stacked with a decade worth of data.

    The advent of the digital filing, Nagpure can now relax. He is set to retire in a couple months and says it is only fitting that his tenure is ending just as the winds of change are blowing through the sanitized corridors.

    Deepak Shinde, 54, another Peon said, “Earlier, we went through so many files each day to locate one. We had a search time of half an hour to three days. Plus, at least 50 files were demanded every day. With all our old staff slowly retiring, I’m glad there’s another way to get the files.”

    The original article can be found here.

    If you are looking for a patient record management or a document / records management solutions, e-mail us on sales@rincon.co.in and we will be glad to assist you.

  • Reblog: Dubai Announces Initiative to go Paperless by 2021

    In an effort to eliminate the need for physical visits to government customer service centers, Smart Dubai, a government entity, announced earlier this year that it plans to fully digitize its services to residents and expatriates through the use of information and communication technology (ICT).

    The smart initiative was launched by Dubai Crown Prince Shaikh Hamdan at the Future Now exhibit in Dubai Design District. It will enable individuals to find and fill out government forms, renew licenses and documents, pay fines, search for vacant properties and more through an online platform that can be accessed via smartphones. Since the online platform, aptly named Dubai Pulse, was announced in April, all Dubai government departments have been working hard to populate it with data.

    Dubai Pulse: Streamlining Government Processes Means Happier Residents and Visitors

    “Today, in the era of Big Data, it is essential to have a central platform to house all of the government’s data, a platform that taps into the potential of artificial intelligence to spread happiness among the people,” said Crown Prince Shaikh Hamdan.

    In an interview with Gulf News at the Dubai Pulse launch, Dr Aisha Bint Butti Bin Bishr, Director-General of the Smart Dubai Office, that the platform will help relieve day-to-day stress in the lives of both residents and expatriates by giving them the ability to accomplish much more online, thereby greatly reducing the number of physical trips made across the city.

    “What we are trying to do is put people in more mindful situations so that they can plan their lives and be happier,” Bin Bishr told Gulf News. Most people living in major cities can attest to long wait times at government offices. When renewing a driver’s license, for example, simply filling out a couple of forms and having a photo taken can mean having to take an entire afternoon off work.

    Not only will individuals benefit from being able to do so much with the click of a button, the environment will benefit as well. The Dubai government estimates that there will be up to 80 million fewer car trips by motorists running errands over the next four years thanks to the Dubai Pulse online portal. A drastic reduction in harmful emissions indeed.

    Paperless Dubai of tomorrow: building a smart city

    Although the government sector represents a major portion of the new initiative, what does paperless Dubai mean when it comes to other industries?

    Earlier this year, the Dubai Health Authority (DHA) aligned itself with the Smart Dubai initiative by making medical records electronically available to patients in several of its health facilities. The paperless initiative, deployed in three phases that will see all DHA facilities going digital by November 2017, eliminates the need for manual files and guarantees that patients will have one unified medical record should they visit multiple DHA facilities. The new system also acts as a cross-referencing tool for medication and allergy interactions and will provide real-time notifications of changes in patient medications and conditions.

    “Our smart initiatives are aligned with the Dubai Health Strategy 2016 to 2021 and the Dubai smart government strategy, which aims to transform Dubai into a smart city.” said Humaid Al Qatami, chairman of the board and director general of the DHA

    With both the government and healthcare sectors of Dubai moving towards total digitization in an effort to provide greater convenience and seamless service to locals and visitors, its only a matter of time before other industries follow suit.

    Looking for a way to create a paperless environment in your organization? Contact us to find out how you can automate several of your workflows with digital secure file exchange solutions designed to protect yours and your customer’s sensitive information.

    The original article can be found here.

  • Video: Millions of Medical Records lost in fire

    Video: Millions of Medical Records lost in fire

    [youtube]http://www.youtube.com/watch?v=rL7RQzBUMrM[/youtube]

    UNM hospitals based out of Albuquerque, New Mexico, USA lost medical records of 1 Lakh patients due to a fire in a warehouse complex. This was the warehouse where they had stored the records. This only goes to show how vulnerable hospitals are to such losses in the absence of a proper records management solution. Get smart. Get a good EDMS solution. Contact us on sales@rincon.co.in or call us on +91 22 61461616

  • Leaking health information may land you in prison

    Most of us believe that our medical and other health related information is private and is protected. As an individual we supposedly can decide who can look at and receive the information like our insurers, employers or any other government health care agency. In India even though there is no clear rule / law which states what information can be shared in the public domain. The Privacy Bill, 2011 could be the initial step from the government on implementing some privacy act. Here is the news article that appeared in The Deccan Herald.

    Getting this rule implemented calls the hospitals to review the existing security measures followed in safe guarding the patients’ health information. In short your health information shall be protected in a way that does not interfere with your health care. The health information cannot be shared without your written permission unless the law allows it but it is also necessary to keep a complete audit trail who has accessed the same to avoid any misuse. To view the analysis of the Privacy bill click here

  • Why should Hospitals have an EDMS?

    An Electronic Document management solution (EDMS) is a clear winner as a solution for challenges hospitals face when handling medical records. We are highlighting the top 5 reasons why any hospital should opt for an EDMS:

    1. To have an efficient and a cost effective solution
      To get the relevant documents and information when required without wasting time and effort is of paramount importance in the health care arena. By viewing a medical document, different doctors can take a consultative and collective decision in any critical situation irrespective of where he is. Paper archives are extremely time-consuming to be your source of information in the long run. Not only is it difficult to fetch information from a physical document library (especially an off-site one) but also causes a whole range of tasks connected to a business process to queue up, leading to activities getting delayed and possible cost escalations. You may not feel the pinch during good times; but during an economic downturn, having invested in an EDMS can mean lower costs when it matters most. In short for efficiency improvement and to provide a collaborative means of working an EDMS is a must.
    2. To avoid Data theft / Loss of data by securing the same
      Trust but verify – Knowing who accessed what and when, is a big deal when we talk of compliance.While this may sound complicated, the fact is that information management today is more accessible than ever. Keeping an audit trail and giving the correct level of access to the right people is mandatory for any EDMS. Access control for healthcare documents is a mandatory exercise which needs to be structured with utmost care. Specific modifications can be locked out for certain users based on the hospital’s requirement. Organisations should not only adhere to the compliance requirements but also should ensure that none of the documents / information is lost or misused. In the situations where patient insurance details are misused to avail false claims it is a must to protect the data / documents from falling into the wrong hands. Having documents in the soft form also helps in maintaining backups so that in case of natural calamities or systemic failure the data is protected.
    3. To avoid delinquencies in managing medical records
      The requirements for timely medical record completion are well established in the law and through industry accreditation standards. Insurance companies and governmental payment programs may generally deny reimbursement if medical records are not complete when a claim is processed for payment. Good patient care requires the timely completion of medical records. Unless the latest documentation is included in a patient’s chart, it is unlikely that the chart will reflect what the practitioner knows and the treatment that was provided on the day that he evaluated the patient. Patient care errors can occur if medical records are incomplete when additional care is required. The medical staff rules and regulations of most hospitals have provisions which allow for the warning and then take disciplinary actions on practitioners who do not comply with the requirements for the timely completion of medical records. By having a good EDMS solution in place the MRD person would easily able to identify if any important document is missing for a patient by simply glancing through the patient document details.
    4. To provide better patient satisfaction and have a competitive edge
      Having an EDMS in place will bring dramatic improvement to respond to any requests from patients or insurance companies efficiently and effectively. These benefits are derived from the fact that accurate information about each episode of care and related patient and financial information is organized and stored in the system and accessible within seconds. Relevant users can verify billing, dispute erroneous claims and respond to any other questions while the person is waiting on the phone because all of the information is right there at their finger tips. The organization derives straight-line return on investment from its ability to answer questions on a single call-saving the cost of returning telephone calls. Customer service will be improved substantially by using a EDMS without doubt.

      A few small lapses in levels of customer service may not be too detrimental. But when the hospital’s medical record management policy (or lack of it) leads to a serious strategic or tactical error, it could result in the hospital’s reputation being seriously tarnished. This can jeopardize the hospital’s position in the market in the long term and have a cascading effect on other areas of operation.

    5. To focus on your core business
      Being busy with the mundane work doesn’t give any employee job satisfaction nor learning. Enormous amount of effort and energy may currently be spent in finding the relevant document when a doctor asks for some reports or insurance company ask for some set of documents. Instead of spending that time on searching documents, employees could spend time on quality work like improving performance of the department, reduce the billing cycle, streamline TPA activities etc. By focusing on quality work, the overall efficiency of the organisation would be improved and employees would feel the pride of working for the organisation.

    To help manage the barrage of paper and medical records associated with patients, vendors etc. investing in a good EDMS software is the best option which could integrate with the existing software including the HIMS system in place. The last thing you want to do with your new document management system is spend precious staff time doing backfile conversion. Leave that to the professionals and focus on your business.

    Contributed by Ashish Baby

  • Medrecon 2011 – Hyderabad

    We participated in the recently held Medrecon 2011 conference in Hyderabad. This is an annual national conference on Medical Records. With a view to increase our reach in the Indian market particularly for the Medical records department in the India’s leading hospitals, along with our technology partner e-bizindia participated in the event organized by Kamineni Hospitals. This event provided an opportunity for the health record professionals to enrich their knowledge, skills, technology and get updated with the latest trends in health records management. It was a unique platform to interact with each other to enhance efficiency, accuracy and get updated on the technological advancements related to medical records and health information management. There were more than 300 participants from various healthcare fields like Doctors, Medical Records Professionals, Health care Administrators, Medico-legal experts, I.T professionals from the field of Hospital information management and Document Management Software side. It was great experience meeting the experts and understanding current processes, practical challenges in deploying solutions and know the future scope of EDMS solution in the healthcare segment.

    During the event scientific papers on various following topics were presented by delegates and sponsors. To name few which attracted my interest was

    • Digitization of Health Records (Focus on Problems & Prospects)
    • Transition from Health records to Health information management (Focus on Future vision)
    • Legal Aspects of Medical Records (Focus on R.T.I.& C.P.A)
    • Health records and Health insurance (Focus on tackling the challenges)
    • Role of Medical Records in Health Tourism (Focus on records/data sharing)
    • Initiation towards formation of National Health Record Policy & Health Records Council of India (Focus on Implementation Issues)
    • Modern trends and techniques on Medical Records (Focus on present scenario)

    As part of our participation, we had a booth where delegates could walk in and see our solution and engage in discussions. They walked away with information and a chart were they could record information pertaining to the medical records they handled. We also got an opportunity to present our solution on the need to digitization of paper based medical records and the importance of integrating an EDMS solution with HIS, HMIS, EMR, EHR and other applications in the organisation. During one of the panel discussions, there was a discussion on the need to work towards standardizing curriculum for Medical Record Professional. One of the delegates suggested having online examinations for Medical Record professionals which I felt was a very valid point in today’s times.

    Contributed by Harshad Thakkar

  • Future trends of medical records

    Patient data confidentiality and internal data security at hospitals will continue to be at risk if proper care is not taken while transferring data from paper form to the digital format. All good hospitals wish to leverage the growing power of information technology in the health care industry so that the quality of care and efficiency benefits that come with computerization are utilised for improving the overall patient experience.

    The latest market research report by Global Industry Analysts (GIA) on Electronic Medical Records (EMR) shows that EMR systems are widely accepted in the health care industry worldwide. Hospitals now have a system for effective management of data, less costs, minimum staff and improving the quality of care. The paradigm predicts that patients will become the decision makers in future health care interactions and most importantly, patients will own their own health data, rather than it being owned and contained by health care institutions and professionals. If this trends grows, there is a possibility that people will start building communities and share their experience. This enables patients to understand a great deal about their health and any illnesses they experience and improve the quality of their lives thereby. Doctors also feel that EMR will help them to maintain high-level of quality patient care while keeping ahead of the curve as a state-of-the-art hospital/clinic. EMR for various specialities is also an emerging trend and oncology is the first to start with.

    Contributed by Ashish Baby

  • Every Medical Record Matters

    Every Medical Record Matters