
Last week we explained how managed file transfer (MFT) transforms enterprise operations as part of our ongoing series around our new reference book, Managed File Transfer for Dummies. This week we’re diving into Chapter 4 and breaking down the real-world benefits of MFT.

Regardless of industry, MFT provides three critical dimensions of value: reducing costs, reducing risks, and improving IT agility, which increase the top line. Every company in today’s connected and competitive business environment needs to manage these three elements, and MFT offers a platform to do so. While Chapter 4 dives into different industry case studies, we will give you a snapshot of how MFT is applied in the healthcare sector.

A major U.S. health insurance provider believed outstanding customer service was its secret to success, which meant not only exceeding its clients’ needs for timely, reliable, and secure exchange of data, but also maintaining compliance with the industry’s strict regulations. The firm was using a vendor solution that required the generation of a lot of scripts and code to automate its file transfer needs. So it started a project to understand all of its file transfer needs.

The company first recognized the importance of automation and a simple user-interface for operation by an entry-level administrator to free up senior security staff and coders for other work. It then realized the most crucial areas were compliance and audit. The business had to prove to the file recipients that the files arrived in a secure and timely manner. MFT provided the predictability and comprehensive reporting that were necessary to the business.

By implementing an MFT solution, the company realized numerous benefits, including:

  • Comprehensive visibility and control of the transfer and storage of all files between customers, employees, partners, and business systems
  • Enterprise-wide automation of almost all file transfers
  • Easy mechanism for employees to transfer large and sensitive files on an ad hoc basis
  • High availability and scalability from using redundant MFT servers

Finding an automated MFT system that supports many devices, strictly complies with a number of privacy and security standards, and is easily administered by an entry-level operator proved to be a great business decision.

>>> Check back next week for highlights from Chapter 5. In the meantime, download a free copy of Managed File Transfer for Dummies today!


Of course, in order to understand the challenges (and solutions) of healthcare file transfer, there are a few essential terms that you’ll need to know. Let’s take a closer look at a few in particular:

  • HIPAA – Health Insurance Portability and Accountability Act.  This act requires the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans and employers. Specifically, this act was put in place to improve the efficiency and effectiveness of the healthcare system. In many ways, HIPAA compliance is the number one file transfer priority for those in the healthcare space.
  • BAA – Business Associate Agreement. This document is essentially a promise that the people hired to handle the sensitive healthcare information are adhering to the same confidentiality agreement that the healthcare providers observe.
  • HIE – Health Information Exchanges. This system provides the capability to mobilize information electronically, across a designated region or healthcare information system.  The HIE is designed to provide a more timely, efficient and effective patient-care system.
  • HIO – Health Information Organization. An organization that brings together health care stakeholders within a defined geographical area. This group then exchanges health information among themselves, for the purpose of improving the health and care within that region.
  • HITECH – Health Information Technology for Economic and Clinical Health. An act that promotes the adoption and meaningful use of health information technology. In other words, it gives healthcare providers the technology they need to use electronic health records. This would allow physicians to provide better care to their patients because the health records would be undamaged and easily accessible.
  • PHI (ePHI) – Protected Health Information (electronic). This individually identifiable information relates to past, present and future physical or mental health conditions of an individual.
  • EMR – Electronic Medical Record. This record contains both the medical and treatment history of a patient in a given facility, for one practice. This record stays within said facility and is not easily accessed by any additional doctors who may also be treating the patient.
  • EHR – Electronic Health Record. This report focuses on the total health of an individual. It recaps a patient’s history in every facility, for every practice, that the patient has used.  Think of the EHR as combining the information from every individual EMR that the patient may have, and placing it into one, central location.
  • Managed File Transfer (MFT) – While EHR is the central location for patient data to reside, MFT systems provide a complementary central system to manage the transfer of files and data (including sensitive and confidential patient information) between the healthcare organization and its extended ecosystem of partners, suppliers and payers. This includes integrating with other systems and vendors with multiple configurations and access controls. MFT systems are a key cog in enabling a healthcare organization with file transfer automation and auditing to support HIPAA compliance.
  • Unstructured Data – Also known as the “patient narrative,” unstructured data is text-heavy information that may be unorganized, have irregularities or be ambiguous. This type of information would require the “human touch” to read, capture and interpret properly.  Most of the information that would be needed to make a decision about a patient can be found here.  This data is also difficult to standardize, difficult for a healthcare provider to gain access to, and difficult to share between dissimilar computer systems.
  • EDI – Electronic Data Interchange. This electronic communications system provides a means for exchanging data. This interchange facilitates the exchange of information from one computer to another with zero human intervention.
  • Omnibus Rule – A rule that was put in place to implement statutory amendments under the HITECH Act. Some of the effects that this rule had were: strengthening the privacy and security protection for individuals’ PHI, modifying the HIPAA Privacy Rule to strengthen the privacy protections for genetic information, and setting new limits for how information is used and disclosed for marketing and fundraising purposes. Basically, the Omnibus Rule set further requirements for holding all custodians of PHI to the same security and privacy rules as covered entities under HIPAA.

The list goes on. If you’re looking for a way to simplify the file transfer process within your organization, be sure to check out some of our healthcare case studies or this resource page. If there are any other terms that you would like to be explained, please be sure to leave them in the comments section below.

The heat is on!  Compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has never been more scrutinized and highly regarded.  The push towards compliance has fueled businesses large and small to explore the options and necessary requirements of HIPAA compliance.  Specifically, any organization that meets the HIPAA definition of a covered entity or business associate is subject to and under the HIPAA compliance umbrella, regardless of how far removed they are from the point of treatment, and is subject to audit, fines, and penalties in the event of a breach.  This includes those organizations that create, receive, maintain, or transmit protected health information (PHI) on the covered entity’s behalf, such as business associates and their subcontractors.  Don’t tread lightly: compliance with HIPAA, specifically the Security Rule, is a daunting task that many organizations will face, either through a proactive approach, in response to an OCR audit, or in the instance of a covered entity seeking satisfactory assurances.

Every organization’s goal is to achieve compliance, but not all organizations are created equal.  With security breaches occurring at an alarming rate, covered entities are searching for the right vendors that can secure their data appropriately.  And why shouldn’t they?  Business associates provide a level of service to these covered entities, which directly translates into an immediate risk, albeit reputational in nature.  By focusing on and achieving HIPAA compliance, business associates will increase their security posture, as well as safeguard the confidentiality, integrity, and availability of the covered entity’s data.  Additionally, HIPAA-compliant business associates will reduce their risk exposure, enforce best practices, and expand consumer confidence, which cannot be undervalued.

An organization may ask itself, ‘what is the path towards compliance?’  The path towards compliance starts with performing a HIPAA Security Rule assessment, which can be performed internally or by an independent, third party assessor.  The HIPAA Security Rule is made up of Administrative, Technical, and Physical Safeguards, as well as Organizational and Policy/Procedure Requirements.  Each safeguard contains specific standards and implementation specifications that must be satisfied in order to validate compliance. The resulting compliance assessment of the HIPAA Security Rule focuses on common IT general controls, such as: risk management, physical and logical access control, protection from malicious software, disaster recovery, information security policies and procedures, workstation security, and encryption of data in transit and at rest.

A risk based approach to HIPAA compliance is critical to appropriately securing data, specifically ePHI.  The benefits are both quantitative and qualitative.  Consumer confidence cannot be quantified, but rest assured, a proven HIPAA-compliant business associate gains an immediate competitive advantage over its non-compliant competition.

Don’t be left on the outside looking in.  Initiate the HIPAA compliance process because it is no longer a request, it’s required.

Here’s a great write-up of how Rochester General Hospital is using Ipswitch’s MOVEit solution to manage over 400,000 electronic billing transfers per year to dozens of payer systems.

Quick background on the business need:  Rochester General Hospital needs to exchange patient records, insurance claims, and billing information from their electronic medical record (EMR) and accounting systems with many health providers and insurance companies.

Security and compliance are critically important:  Not only do the transfers need to be reliable to facilitate timely payments, but they also needed to be highly secure and auditable to protect patient privacy and ensure compliance with HIPAA and HITECH.

Ipswitch eliminated complexity and created efficiencies:

“We needed to consolidate on a standard way to transfer files to many different payer systems…. MOVEit consolidated a number of batch files and legacy tools into a single, secure and easy to use file transfer solution,” says Dylan Taft, Systems Engineer at RGH.

“In the event of an audit, MOVEit allows us to provide chain-of-custody and non-repudiation with just a few clicks.  Without MOVEit, we wouldn’t have this visibility.”

“If we didn’t have MOVEit, we would have to hire one or two additional people just to review the log files every day – not to mention lost files, information arriving late, and frustrated doctors and payers.”

Do you have a great Ipswitch story of your own to tell?  Email us at mystories@ipswitch.com…. We can’t wait to hear all about it!

“HIPAA Compliance & Healthcare IT Management Solutions Webinar”

  • Date: Thursday, January 19
  • Time: 1:30pm US EST

REGISTER NOW and be entered to win a $100 Amazon gift card!

Did you know that the Department of Veterans Affairs spent $20 million correcting HIPAA violations?

Avoid costly litigation like this and join the WhatsUp Gold team for a discussion of IT management challenges faced by healthcare organizations and how to leverage the WhatsUp Gold product family.

Topics covered include:

  • HIPAA – an overview of the legislation
    • Privacy and object access auditing
    • Mandated log retention
    • Audit and review requirements
  • IT challenges in healthcare – beyond the legislation
    • Infrastructure availability
    • Proactive monitoring
    • Growth projection