As in all other aspects of modern life, the healthcare industry is transitioning to a mostly paperless environment. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to protect the privacy and security of health information. The Security Rule portion of the legislation specifically addressed electronic versions of protected health information (PHI), keeping it secure, yet allowing covered entities to evolve their practices technologically. A covered entity is any health care provider, health plan, or health care clearinghouse that handles PHI.
HIPAA does not explicitly address scanning equipment, but the general rule of thumb is that entities must perform a risk analysis, determine if a particular piece of equipment is secure, and address any potential risks. Covered entities are required to follow four general rules that pertain to electronic PHI:
We will focus on the first rule here, and discuss how HIPAA has affected the choice of document scanners. Secure scanning of PHI requires two parts: digitizing the records, and getting that information into the right location.
The HIPAA Security Rule defines confidentiality as “the property that data or information is not made available or disclosed to unauthorized persons or processes.” Any e-PHI created, received, maintained, or transmitted by a covered entity must be encrypted. Kodak scanners integrate with Virtual FileRoomTM to provide 256-bit encryption. Viewing files is transparent to the end user, but unauthorized devices cannot access them. The data remain encrypted, helping to ensure the confidentiality.
According to the HIPAA standard, integrity is “the property that data or information have not been altered or destroyed in an unauthorized manner.” Yes, this does mean that the paper will still have to be stored in a secure manner, but the digitalization of the records makes it possible to store them offsite and maintain access to the electronic version.
Part of maintaining the integrity of e-PHI is ensuring that the scanned data is transferred, clearly and correctly, from paper to computer. Optical character recognition (OCR) is the conversion of images of text, whether handwritten or typed, into encoded text that can be interpreted by computer software. Kodak Alaris offers Capture Pro Software that, using OCR, captures and indexes encrypted data and automatically delivers it to its intended location. This intelligent software automatically flags questionable images and optimizes image quality without rescanning.
Availability, as it relates to HIPAA, is “the property that data or information is accessible and useable upon demand by an authorized person.” For example, if a patient goes to the ER, their medical records should be available so that the ER doctors can give appropriate care. Kodak Alaris has an Info Input Solution that makes scanning and archiving e-PHI a streamlined process, allowing for short turnaround time for e-PHI retrieval. This solution is a web-based one that ensures a consistent chain of custody across multiple platforms, which is essential to compliance with HIPAA.
The IN2 Ecosystem provides scanners and software that allow health care professionals to care for their patients’ PHI quickly and accurately. Complying with HIPAA’s security rule has never been easier. Now providers can focus on what they do best — caring for their patients.