Live Chat | Login | Blog | Careers

emPower eLearning: February 2010

emPower eLearning

Saturday, February 27, 2010

HIPAA Law: Ensuring Secure Transmission of Patient Health Information Through Fax

Fax machine is a great asset, which organizations count on, to quickly send and receive information. It plays a significant role in managing well, the communication needs of the office. But with arrival of HIPAA law, it is mandatory for the covered entities and their business associates to install HIPAA complaint faxing systems so that protected health information of patients is not leaked out or exposed to unauthorized people during the transmission process.
As non-compliance of HIPAA law can invite penalties and criminal prosecution, it necessary to put in place few safeguards that make the daily use of the fax machine, safe and secure.
  • Fax systems, which support email encryption, should be installed. The protected health information system should be encrypted before it is faxed. This will protect the information from unauthorized access, because only receiver has the key to decrypt the message back into original form.
  • The fax machine should be configured in such a way that no copy of received fax is saved.
  • The Fax machine should have inbuilt copying system, which can print as many as copies needed. This eliminates the need of external document copier like, Photostat machine and prevents exposure of the confidential patient health information to unauthorized persons.
  • The fax machine should be placed in a secure place and accessed by only authorized personnel. On receipt of the fax, the message should be delivered straightaway to the intended recipient.
  • The fax numbers which are used regularly should be properly saved, and the speed dialing option should be used to prevent misdialing of the numbers.
  • There should be a sound policy in place, which manages efficiently the storage, duplication and disposal of the faxed protected health information, as per HIPAA law. The policy should also be able to address effectively, the wrong delivery of the PHI.
  • Before faxing to a new recipient, the number should be checked by sending a test message. This will ensure dispatch of crucial PHI to the intended receiver only.
Fax machine is integral part of the office communication system. Covered entities like clinics, hospitals, clearing houses, insurance companies and other health provider depend on it for their daily communication needs. With the advent of HIPAA law, the fax machine should be installed and used in a very secure manner.
HIPAA compliant fax machine should be used and have special encryption features, which allows the sender to encrypt the protected health information and send it as an email through the net. The PHI is encrypted into sequence of codes and transmitted to the fax machine of receiver also connected to the internet. The receiver has a key which decodes the encrypted email and prints back the information in the original form. Thus the message is faxed in a safe and secure manner over the net. These precautions help the health organizations to store and exchange the protected health information of the patient as per HIPAA law.
HIPAA compliant Fax helps in quick and safe transfer of patient health information.
Jason Gaya
Read more on HIPAA, at www.empowerbpo.com

Labels: ,

Thursday, February 25, 2010

Twitter - Tweeting the HIPAA Way

The increased use of the social media, especially Twitter, is a cause for concern for many people, keeping in the mind, the strict HIPAA compliance norms pertaining to patient health information. Twitter, is turning out to be the most favored communication tool, for healthcare professionals who want to maintain, quick and easy, connectivity with their patients.The increased use of social media in healthcare settings points towards the strategy of the healthcare organizations to advertise their services especially through Twitter, because of the vast reach, which it provides. To cut down advertisement costs in face of increased competition and economic downturn, healthcare professionals and organizations find Twitter, a cheap and effective advertising media.
Some surgeons tweet from operating rooms to the relatives of patient and keep them updated on the condition of the patient. For a marketing perspective, this might be a good way to woo more patients to the hospital by advertising about service, which reflects the customer-centric policy of the organization.
But Twitter in healthcare settings, is fraught with dangers. The HIPAA norms make it mandatory for all the covered entities like hospitals, health insurance providers, billing services and other health providers along with their business associates to ensure complete protection of patient health information, which they store, process and exchange between themselves. Irresponsible use of Twitter might result is leakage of sensitive health information of the patient and invite heavy fines and criminal convictions, which can ruin careers of the medical personnel, and tarnish image and business prospects of the health care organizations.
Use of Twitter from the operating room should be discouraged as it might affect the electronic signals of the machines installed in the room. Further a wrong or premature information tweeted from the room can damage the reputation of the organization. Any tweet, which leaks the identity of the patient or information, will surely invite legal troubles for the personnel and the organization.
It is necessary regulate the use of Twitter through a well managed healthcare social media policy. Vigilance should be maintained on what is being tweeted into the social media from the organization and all the medical personnel should be made aware of the regulations pertaining to the right use of Twitter. The tweeting rights should be given too authorized and reliable personnel. They should be made aware of the legal and financial implications of any lapse, which results in unauthorized display of confidential patient health information, knowingly or unknowingly.
Increased awareness, collective and individual accountability, sound social media management policy and sharp vigilance can make it easy for the healthcare organizations to use Twitter safely without leaking patient health information as per HIPAA laws.
Twitter and HIPAA can can co-exist with each other.
Jason Gaya
Read more on HIPAA, at www.empowerbpo.com


Tuesday, February 23, 2010

Employing E-learning to Achieve HIPAA Compliance

The busy schedule at the workplace makes it difficult for the healthcare professionals to attend training programs that educate about various HIPAA policies and standards. Many covered entities like the hospitals, multi-location clinics, health insurance companies and other health service providers are strictly bound by the HIPAA compliance norms and it is of highest priority for them to train their workforce in HIPAA privacy and security standards. This responsibility also falls on the business associates like transcription companies who provide support services to covered entities.
To educate the employees about patient privacy regulations, the organization needs to arrange for a training location, instructor and course material, which are costly. Further this type of arrangement makes it difficult for the employees to schedule their training program, without compromising their daily workplace routine. As a result the organization is likely to suffer production losses due to loss in man hours.
HIPAA online training courses offer a great opportunity to health organizations to train their staff in HIPAA compliance. The e-learning courses provide great flexibility healthcare workers to schedule their online education as per their convenience, without hurting their daily workplace routine. This means that the health service provider can maintain the desired productivity and at same time achieve complete HIPAA compliance.
Any HIPAA violation which is committed, knowingly or unknowingly, by employee or employees and leaks confidential patient health information, attracts severe penalties and convictions from regulatory authorities. To prevent such situation, the healthcare service provider should train the staff members in the HIPAA privacy and security standards.
The online learning courses run on Learning Management System and are user friendly. The employees can easily follow the course as per their convenience and stay updated on their progress, through a click of button. On successful completion of the course the candidates are immediately awarded their certificates.
HIPAA compliance online training courses train the employees of the covered entities and business associates so that safe management of confidential patient health information becomes the intrinsic part of their daily workplace schedule.
HIPAA online learning helps healthcare providers to train their employees easily.
Jason Gaya
Read more on HIPAA compliance at, www.empowerbpo.com

Labels: , , ,

Monday, February 22, 2010

Balancing Social Media with HIPAA

Social media is completely changing the way people communicate with each. The online networking platform that social media provides has made it quite easy for the people to converse, exchange ideas, share opinions and distribute information, to shape mass opinion about an individual, product, policy, healthcare, education, etc. The list runs long.
An organized and credible healthcare system is crucial for well being of the human society. Health insurance also falls under purview of healthcare system and patient health information is of great significance. Insecure and a compromised patient health information system can have severe implications on the health and financial condition of the patients. HIPAA plays a pivotal role by enforcing strict regulations, which provide complete protection to confidential patient health information. The covered entities like the hospitals, clinics, billing and insurance companies and their workforce are governed by HIPPA compliance laws. Any lapse on their part can invite strict penalties and convictions.
Doctors, nurses, medics, paramedics, surgeons, etc are nowadays using social media tools like Facebook, Twitter, Flickr, etc, to communicate with each other. The patients also use social media to search for the right physicians or surgeons who can address their specific healthcare needs. This is the positive aspect of the social media in the healthcare settings. Also increased accessibility gives the patients the opportunity to share and improve their knowledge about a disease and treatment. The use of social media, word-of-mouth testimonial benefits the patients by providing them reliable information, which they can count on to conclude successfully, their pending health issues.
But there are also some threats, which social media poses to the privacy of patients. Lack of proper social media usage policies for healthcare workers and the human lapses can seriously put the integrity and confidentiality of the patient health information at risk. The intentional or unintentional display of the patient health information will surely invite strict penalties and convictions as per HIPAA regulations.
Instead of creating friction or conflict between HIPAA with social media through irresponsible use, the health care organizations should administer a sound social media management policy, which ensures that no leakages occur and what ever goes on the net is not detrimental to healthcare rights of the patient. If some how the information does manage to slip through, strict vigilance should ensure timely removal of the content from the net. The medical staff should be trained to handle social media in such a manner that both, organization and patients, are benefited through its constructive use.
Instead of opposing each other, the social media and HIPAA must be harmonized in such a manner so that the vast reach, which social media provides, is used effectively to address the healthcare issues, without compromising the individual or collective healthcare privacy rights.
Social media and HIPAA can go hands-in-hands to provide great benefits to healthcare system.
Jason Gaya
Read more on HIPAA at www.empowerbpo.com

Labels: ,

HIPAA Compliance in FTP Hosting

The HIPAA compliance laws make it mandatory for the covered health entities, like hospitals, clinics, billing and insurance companies, and their business associates associates to use completely HIPAA compliant computer network systems. FTP or File transfer Protocol also falls under this purview.
HIPAA covered health entities exchange large amount of confidential patient health information. The business associates of the covered entities, like the transcription companies also come under the purview of the HIPAA compliance laws. For safe and secure transfer of large volumes of electronic patient health information, through the public network it is necessary to employ HIPAA compliant FTP. The file transfer protocol has two components, namely server and client. The FTP user gets a unique username and password through which he or she can easily upload or download electronic file from the FTP server.
HIPAA compliance rules make it necessary for the FTP servers of the health organizations and insurance companies to adopt security measures, so that the electronic health information of the patient is safely transferred from sender to the intended receiver. HIPAA compliant servers have following security features:
  • The FTP servers are protected by 128 SSL encryption technology. The file is loaded on the server in an encrypted form and can be downloaded, only by an authorized person or entity in the original form, through a unique key, which the sender and the receiver share amongst them.
  • HIPAA compliant server offers a very secure and fast transfer of large volumes of digital data through Multi-thread file transfer system. This is quite faster than the normal FTP transfer.
  • HIPAA compliance in FTP server enables the user to continue their use of the existing firewall service. The unique username and password protects the system from unauthorized intrusion.
  • HIPAA compliant servers are user friendly and make it easy to download/upload large files without any complications.
  • Special Intrusion detection system provides foolproof security and thwarts any rogue entry into the system.
The encryption feature of the FTP server makes it impossible for the intruder to access the sensitive information and this completely falls in the line with requirements of HIPAA compliance norms.
HIPAA compliant FTP server enable quick and safe transfer of large volume of patient health information through public network
Jason Gaya
Read more on HIPAA compliance at, www.empowerbpo.com

Labels: ,

Friday, February 12, 2010

HIPAA Compliance in Wireless Local Area Network

The rapid growth of communication technology and the need for connectivity during mobility has resulted in inclusion of Wireless Local Area networks in the modern communication network. WLAN provides the freedom to access, exchange, store and process the information from any point in the network.
Because of Wireless LAN, increasing number of doctors, nurses, paramedics and caregivers can process the patient data conveniently in large settings of the healthcare setting. The increased mobility, which it provides makes it easy for the medical personnel to exchange information while on move. This saves time, increases productivity and raises the quality of patient care.
But with this benefit of WLAN, comes an underlying security threat which can seriously compromise the ability of the health care facility to follow the HIPAA compliance laws pertaining to electronic exchange of confidential patient health information. The wired network, as it requires physical access, is safer compared to the wireless network. The open network architecture feature of the WLAN makes it easy for any unauthorized person to get behind the firewall and access the network. This poses a serious threat to the safety of the confidential patient health information, which is stored, exchanged or processed by the network.
To achieve HIPAA compliance the WLAN should have security features that are mentioned below:
  • Unique user identification.
  • Emergency access procedure.
  • Automatic logoff.
  • Encryption and Decryption system that creates tamper proof communication channel between the sender and authenticated receiver.
  • Ability to authenticate electronic health information and maintain integrity of the information.
  • The network should maintain its integrity through continuous monitoring and shut out any unauthorized access from any rogue entry point.
  • Clients associating with rogue entry points should be shut off from the network, unless they approach from the authorized access point.
  • Any change in the configuration of the access points, which points to unauthorized access should be immediately brought to the notice of the IT manager through proper communication channel.
  • Able to maintain a audit log of the time, nature and resolution of the intrusion and steps taken to avert it.

In the end the WLAN in any healthcare setting should be securely configured in manner so that it becomes safe for the organization to store and exchange the confidential patient health information in line with HIPAA compliance laws.

HIPAA compliance helps to secure the WLAN network for safe exchange of patient health information.

Jason Gaya

Read more on HIPAA compliance at www.empowerbpo.com

Labels: ,

Thursday, February 11, 2010

Joint Commission: Ensuring Highest Pediatric Care Standards Through Safer Medication

Wrong drug administration or a drug mix up can cause serious harm to the health of the patient. The risk increases manifolds, if the patient happens to be a child. A baby, kid or grown up child are at high risk from wrong drug administration and it is of utmost importance for the healthcare facility to follow the stringent Joint Commission laws specially created for this purpose.

Children at Higher Risk to Faulty Medication

When it comes to medication errors the children are at a greater risk and face more harm to their health than adults due to following reasons.
  • The drugs are generally formulated and concentrated keeping in mind the needs of the adult patients. For pediatric patients the drug dosage is altered to suit the needs of the children and this is where errors creep in
  • Most of the healthcare settings are designed to handle the adult patients and generally lack the pediatric handling capabilities to address the medical needs of the children,exposing them to risks of drug complications.
  • As the children cannot communicate effectively about the side effects of the drug the medical staff does not get the feedback, which it can get from an adult patient. As a result it becomes difficult to mitigate the side effects due to wrong medication.
  • Lack of proper documentation and communication gap during the change of shift, admission, discharge or transfer of the child patient from one hospital to other is one other major reason of pediatric drug complication.
Employing Joint Commission Strategies 

As the harm to the children due to faulty medication is more pronounced, the Joint Commission has several rules in place and at same time suggests newer practices with the sole objective to protect the children from drug complications.
  • The health facility should follow a standardized pediatric drug formulation policy and place stringent quality checks to ensure the right the dosage concentration before it is administered to the patient.
  • The medical staff should be trained to administer oral medicines by oral syringes and thus prevent their administration through venous route.
  • The medics should communicate effectively with parent on how to maintain the same level of drug dosage after discharge of the child from health facility as a part of continued treatment and recovery.
  • To prevent mix up of dosage concentration, the adult drugs should be kept separate from the pediatric preparations. Further wherever possible commercially available pediatric specific formulation should be used.
  • All pediatric patients should be weighed in kilograms and the requisite dosage of the drug should be administered according to the weight.
  • Pediatric experts and pharmacist should be assigned to the child care unit to oversee medication process and at same time guide the medical staff on how to follow the requisite safety standards for pediatric care.
  • High risk medications should be given in minimum required dosage strength and frequency to protect child from associated side effects.
  • The nurses, paramedics and the pharmacist should be well trained in use of specialized pediatric equipments.
  • The Joint Commission requires the health care facilities to employ continuous monitoring of the child under sedation, through pulse oxyimetry to prevent over sedation and its fatal consequences.

In the end the Joint Commission lays stress on building a proper communication channel between the caregiver or parents with the doctors or nurses to ensure that all the information about the medication procedure of the child is well understood by the parents. As a part of extended treatment in the home, the parents should clearly understand the dosage concentration, timing, route of delivery and the side effects associated with drugs. This will ensure that the child is protected from the drug overdose or complication even when he or she is at home, recovering from the illness, after being discharged from the health facility.

Joint Commission regulations protect children from faulty medication.

Jason Gaya

Read more on Joint Commission on,www.empowerbpo.com

Labels: ,

Wednesday, February 10, 2010

Joint Commission: Enhancing Patient Safety through Better and Safer Management of Medication.

Wrong medication is a worrisome issue that haunts the healthcare facilities around the world. Improper medication procedures lead to unsafe drug mix up or drug overdose, which exposes the patient to risk of drug complications and at same time increases the cost of treatment. The Joint Commission strives to make the medication procedure as safe as possible by encouraging safe practices. The prime objective is to eliminate the medication errors, which can occur during the course of patient´s admission, transfer, treatment or discharge.

Joint Commission strives to enhance the patient´s safety through inclusion of following safe practices into the medication procedure with the sole purpose to eliminate or drastically reduce the risk to patient´s life due to drug complications.

Involve Patient in the Treatment

The idea is make the patient central figure in the medication procedure. The patient should be allowed to speak openly about the treatment and his or her views should be taken into account. Further medical history, allergies and drugs that induce adverse reactions in patient should be taken into account while prescribing the drugs. This is a crucial feedback, which should guide the medical staff to treat the patient successfully without putting his or her life at risk due drug complication, at any stage of the treatment. The patient should be made aware of drugs prescribed and how they will help them in their recovery. Any doubts pertaining to the drugs should be clarified so that they can use the drug properly and at same time understand the resultant side effects.

Maintain Proper Medication Documentation

The hospital on admission should check the past medical records and take into the consideration the present requirement before prescribing any medication. It should maintain a detailed record of daily dosage administered, the delivery route and patient´s allergies. Specific care should be taken while administering high risk medicines, which if wrongly administered, can seriously threaten the life of the patient. Further during discharge or transfer to another health service provider, the prescribed medication and the frequency of use should be verified so that no drug complications occur.

Involve a Pharmacist.

There are many drugs that are available in the market, which have similar names but are used for different purposes. Any mix up due to wrong communication in form of bad writing or lack of proper drug knowledge can put the health of patient at risk. The availability of increasing numbers of newer drugs in the market makes it difficult for the doctors to keep themselves updated. This compromises the patient safety. The best way out, is to involve a pharmacist in the medication process as the doctors can have extra pair of sharper and trained eyes that can easily eliminate the medication errors and ensure patient safety.

Double Check the Medication Procedure

There should be an independent entity that crosschecks the whole medication procedure of the patient right from the prescription to actual administration of the drug to the patient. This extra safeguard helps to filter out the errors that might still exist in the medication procedure no matter how well it has been followed by the medical staff. This is a key security feature, which effectively removes any shortcoming that might have been overlooked or crept into medication procedure due to human lapse.

The prime objective of Joint Commission here, is to create a medication procedure, which encourages patient participation and at same time places stringent checks to root out any existing discrepancies in the medication procedure so that patient is protected from drug complications.

Safer Medication procedure protects patient from drug complications.

Jason Gaya

Read more on Joint Commission, at www.empowerbpo.com

Labels: ,

Monday, February 1, 2010

Joint Commission: Adopting the Right Approach to Eradicate Disruptive Behavior from the Health Care System.

The Joint Commission has laid down rules and regulations to deal with disruptive behavior of the healthcare workers. The purpose is to control unprofessional behavior of the nurses, doctors, technicians and other healthcare workers by issuing sanctions against them. The aim is to reduce or eliminate completely disruptive behavior and ensure that highest standards in patient safety are met.

But doubts have been raised about credibility of the Joint Commission codes to function properly in an unbiased manner. This is because they can be misused by anybody who wields power and authority, to settle a personal score with fellow team member. Further mere implementation of stricter rules will not be enough to control this problem. The lack of trust in ability of the administration to fairly sanction any erring medic might deter the staff member to report abusive behavior and in process compromise the safety of the patient.

Instead, a more creative approach, which analyses the root cause of this problem and encourages the use of social influence to improve the overall healthcare atmosphere should be adopted. The Joint Commission regulations along with social influence can provide the right solution to this problem of disruptive behavior, which is on rise in the healthcare industry. The basic idea is to make the team members to interact with each other, understand their problems and strive to solve them through a collective discussion. This all can be done by following these steps:

  • The healthcare or hospital administration should accept the responsibility of the abusive incidents whenever they occur, instead of ignoring them. This acknowledgement will provide a greater visibility to the underlying problems and help to address them more effectively.
  • The administration should encourage the staff member to speak up against any disruptive behavior, which impedes or threatens, patient care. Instead of maintaining silence, the healthcare worker should report any form of incompetence, violation of patient safety and abusive behavior of his or her co-worker to the administration.
  • The administration should back any worker who points out any violation and take appropriate steps to sanction the person who has resorted to an abusive behavior with the patient or other staff members, and in process, seriously undermined the safety of the patient. Instead of ignoring, the nurse managers or administrators should respond to escalations effectively through sanctions, so such an act is not repeated by the erring medic in the future.
  • Finally the management should educate the medical staff through training programs on how to effectively use the power of social influence to neutralize escalations at workplace. The aim is to bridge the communication gaps and make the team a closely knit unit so that it provides a safer environment to the patient.

The Joint Commission regulations and the social influence should be integrated together to create an effective strategy, to curb this growing menace in the healthcare industry. This will protect the patients from abusive behavior at healthcare facility and completely eliminate the associated risks.

The use of social influence should be encouraged to deal with disruptive behavior.

Jason Gaya.

Read more at, www.empowerbpo.com