emr

Of course, in order to understand the challenges (and solutions) of healthcare file transfer, there are a few essential terms that you’ll need to know. Let’s take a closer look at a few in particular:

  • HIPAA – Health Insurance Portability and Accountability Act.  This act requires the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans and employers. Specifically, this act was put in place to improve the efficiency and effectiveness of the healthcare system. In many ways, HIPAA compliance is the number one file transfer priority for those in the healthcare space.
  • BAA – Business Associate Agreement. This document is essentially a promise that the people hired to handle the sensitive healthcare information are adhering to the same confidentiality agreement that the healthcare providers observe.
  • HIE – Health Information Exchanges. This system provides the capability to mobilize information electronically, across a designated region or healthcare information system.  The HIE is designed to provide a more timely, efficient and effective patient-care system.
  • HIO – Health Information Organization. An organization that brings together health care stakeholders within a defined geographical area. This group then exchanges health information among themselves, for the purpose of improving the health and care within that region.
  • HITECH – Health Information Technology for Economic and Clinical Health. An act that promotes the adoption and meaningful use of health information technology. In other words, it equips healthcare providers with the technology they need to use electronic health records. This would allow physicians to provide better care to their patients because the health records would be undamaged and easily accessible.
  • PHI (ePHI) – Protected Health Information (electronic). This individually identifiable information relates to past, present and future physical or mental health conditions of an individual.
  • EMR – Electronic Medical Record. This record contains both the medical and treatment history of a patient in a given facility, for one practice. This record stays within said facility and is not easily accessed by any additional doctors who may also be treating the patient.
  • EHR – Electronic Health Record. This report focuses on the total health of an individual. It recaps a patient’s history in every facility, for every practice, that the patient has used.  Think of the EHR as combining the information from every individual EMR that the patient may have, and placing it into one, central location.
  • Managed File Transfer (MFT) – While EHR is the central location for patient data to reside, MFT systems provide a complementary central system to manage the transfer of files & data (including sensitive and confidential patient information) between the healthcare organization and its extended ecosystem of partners, suppliers and payers. This includes integrating with other systems and vendors with multiple configurations and access controls. MFT systems are a key cog in enabling a healthcare organization with file transfer automation and auditing to support HIPAA compliance.
  • Unstructured Data – Also known as the “patient narrative,” unstructured data is text-heavy information that may be unorganized, have irregularities or be ambiguous. This type of information would require the “human touch” to read, capture and interpret properly.  Most of the information that would be needed to make a decision about a patient can be found here.  This data is also difficult to standardize, difficult for a healthcare provider to gain access to, and difficult to share between dissimilar computer systems.
  • EDI – Electronic Data Interchange. This electronic communications system provides a means for exchanging data. This interchange facilitates the exchange of information from one computer to another with zero human intervention.
  • Omnibus Rule – A rule that was put in place to implement statutory amendments under the HITECH Act. Among its effects, this rule strengthened the privacy and security protection for individuals’ PHI, modified the HIPAA Privacy Rule to strengthen the privacy protections for genetic information, and set new limits for how information is used and disclosed for marketing and fundraising purposes. Basically, the Omnibus Rule set further requirements for holding all custodians of PHI to the same security and privacy rules as covered entities under HIPAA.

The list goes on. If you’re looking for a way to simplify the file transfer process within your organization, be sure to check out some of our healthcare case studies or this resource page. If there are any other terms that you would like to be explained, please be sure to leave them in the comments section below.

“HIPAA Compliance & Healthcare IT Management Solutions Webinar”

  • Date: Thursday, January 19
  • Time: 1:30pm US EST

REGISTER NOW and be entered to win a $100 Amazon gift card!

Did you know that the Department of Veterans Affairs spent $20 million correcting HIPAA violations?

Avoid costly litigation like this and join the WhatsUp Gold team for a discussion of IT management challenges faced by healthcare organizations and how to leverage the WhatsUp Gold product family.

Topics covered include:

  • HIPAA – an overview of the legislation
    • Privacy and object access auditing
    • Mandated log retention
    • Audit and review requirements
  • IT challenges in healthcare – beyond the legislation
    • Infrastructure availability
    • Proactive monitoring
    • Growth projection

As George Hulme recently wrote, the vision of Senator Richard Blumenthal’s data breach legislation is simple enough:  Protect individuals’ personally identifiable information from data theft, and penalize firms that don’t adequately secure their customers’ information.

Clearly, there’s a need for organizations to better secure confidential and private customer information.  It seems that a week rarely passes without a new high-profile data breach in the news.  In fact, 2011 is trending to be the worst-ever year for data breaches.  And that is despite many U.S. states introducing legislation that expands the scope of state laws, sets stricter requirements related to notification of data breaches involving personal information, and increases penalties for those responsible for breaches.

The need to protect customer data is unanimously shared by honest people worldwide…. The issue is HOW to effectively govern and enforce the various data protection requirements and laws?

I agree with Senator Blumenthal’s concept of establishing “appropriate minimum security plans”…. But color me skeptical on the government’s ability to appropriately monitor and enforce those plans, especially after witnessing the mighty struggles at effectively governing the dozens of state laws already on the books.

My skepticism is shared by many, including Mark Rasch, director of cybersecurity and privacy consulting at Computer Sciences Corporation:  “The devil is in the details with these laws.  We’ve had regulations, from Gramm-Leach-Bliley to HIPAA, that purport to help protect consumer data.  Companies are already victims in these attacks, so why are we penalizing them after a breach?  I think that’s because it’s easier to issue fines than it is to track down the criminals and go after them.”

In my opinion, business leaders need to prioritize their own internal efforts to properly protect sensitive information rather than wait on the government to catch up.  First order of business is to identify where confidential files and data live in your organization and ensure visibility of that info (after all, how can you protect what you don’t know about?).  Fortunately, there are technology solutions available to help organizations better manage and govern their critical files and data as they are being moved and consumed both internally and with business partners and across people, systems and various business applications.

The Ziff Davis survey on Managed File Transfer did a nice job amplifying the aspects of currently deployed file transfer methods people think need the most improvement.

Checking in at #1 and #2 on the “improvements needed to my existing file transfer methods” list are SPEED and SECURITY.  This only fuels the age-old debate of productivity versus security… But that’s a topic for another day!  Needless to say, it’s not surprising that about half of survey respondents say that they need faster file transfers and roughly the same number say they require stronger security.

Other items on the “improvements” wish list include:  reliability, capacity, scalability, central management, workflow integration, IT infrastructure integration and compliance.

It’s validating to see in the graphic that areas where MFT solutions excel today closely map to those aspects of existing file transfer methods that people say require the most improvement — Reliability, speed, security, up-time and capacity round out the top five.  Efficiency is a common theme with all these items, driven largely by time-sensitive business-critical processes and even SLAs depending on fast and highly available file transfer processes and workflows.

The last point I want to make about the “needs improvement” survey results is that no solution (MFT or other) will magically make a company compliant.  There is no holy grail to achieving regulatory, regional, industry or corporate compliance.  Rather, compliance is the end result of a strategically implemented, documented and monitored initiative that encompasses the entire arsenal of company-sanctioned policies, tools, and of course processes and employee actions.

Coming soon:  I’ve got a few more musings about the survey that focus on deployment challenges as well as the business benefits of MFT.

Here’s a nice write-up of one of our newest customers, Salary.com

Every once in a while we like to showcase an exciting new customer and share some of the reasons why they chose to deploy an Ipswitch File Transfer solution to solve their business problems.

Quick background on the business need:

Salary.com exchanges data with thousands of customers and partners daily worldwide.

They sought a flexible, highly available solution that could simplify business operations and meet compliance regulations including SOX, PCI DSS, HIPAA and other state laws around employee privacy.

Security & compliance requirements were driving factors:

“It’s an imperative that our file transfer services maintain our rigorous requirements for keeping our clients’ critical business data secure,” said John Desharnais, managing director of technical operations at Salary.com.

And here’s some insight into their purchase decision:

“Salary.com reviewed several solutions, but selected Ipswitch’s MOVEit suite because of its comprehensive approach to managed file transfer, ability to provide an end-to-end audit trail and granular controls that monitor how files are moved, accessed, and used.”

“Ipswitch’s MOVEit solution is easy to use and ensures that we have complete visibility into all file transfer activity on our network.”

Salary.com, welcome to the Ipswitch family and we look forward to a loooong relationship together.  As your business needs continue to grow and evolve, Ipswitch will be a trusted partner that will continue to bring innovative solutions to market.