Tag Archives: hipaa compliance

Why Should A Physician Share A Good Relationship With The Patient?

 A physician attends to many patients in a day. But for a patient, the major concerns are about the severity of the illness, the quality of the treatment, etc. Patients expect the physician to diagnose the problem accurately and wants the best care possible. The ultimate goal is to get relieved of the illness as soon as possible. The physician must be interactive with the patient and it is important for the patient to cooperate with the physician to recover soon. So the relationship a physician shares with his patients is very important.

Factors affecting the physician-patient interaction

A patient wants to be taken care of and be able to frequently communicate with the physician. The physician also likes to engage with his patient and make the treatment easier but it is not easy always. So what are the factors that affect the interaction between the patient and the physician?

  • Physicians get busyPhysicians are always busy. Remembering the diagnosis of every single patient is close to impossible. He might forget what the patient is suffering from and will ask the same questions to the patient which can annoy the patient. The physicians being busy may not always follow-up with the patient. Instead, the physician will have a nurse to do that for him.
  • No effective modes to communicate – The system of care is still stuck with paperwork and following up or interacting with the patient is more of a documentation work than inquiring his well-being. There are no effective means to communicate with the patient. Following up manually is always prone to errors and leads to patient dissatisfaction.
  • Unable to reach physicians – Patients may always have to come to the hospital for even small problems as the physician is unavailable over phone calls or messages. It makes it difficult for the patient to get in touch with the physician every now and then.

These factors lead to care fragmentation and affect the health of the patients and also damage the reputation of the provider. Care fragmentation will ultimately lead to frustration between the patient and the provider.

Tips to strengthen physician-patient relationships

Following are five tips to strengthen physician-patient relationships,

  1. Follow-up appointments
  2. Get Feedback
  3. Being available at all times
  4. Staying in touch
  5. Embracing Technology
  • Follow-up appointments – Scheduling follow-up appointments with a patient after discharge is very essential for continued conversation between doctor and patient. It can help in having a check over patient’s health and also improve physician-patient relationships. Follow-up appointments need not be a  face-to-face visit always. The physicians’ can follow-up with their patients through audio or video calls eliminating the effects of poor communication in healthcare. A software to manage appointments and patient demographics can be a very useful physician communication strategy.
  • Get feedback – A lesser known tip for strengthening physician-patient relationships is by getting feedback from the patients. Feedbacks can be taken through a patient survey on the quality of care and treatment, phone calls, personal conversation with the patients, etc. Feedbacks can be useful in improving patient-physician relationship, knowing how good the service is and the areas for improvement.
  • Being available at all times – The physician must be available over calls or messages. This will make it easy for the patients to reach out to the physicians at the time of need. A nurse can also assist and bring it to the doctor’s attention if required.
  • Staying in touch – Though there are no appointments scheduled with the patient, it is always good to have a team of nurses following up with such patients occasionally. This will make the patient feel good about the physician and thus the patient-physician relationship will improve.
  • Embracing Technology – Technology is simplifying healthcare. With the help of a software, scheduling follow-up appointments, improving network connections, getting feedback from the patients, marketing a hospital, etc are made easy.

What HealthViewX solution offers?

HealthViewX Care Management Solution can help the physicians to check on their patients’ health even after hospital discharge. It results in effective communication within the practice and also between the provider and the patient thus improving the physician-patient relationship. The following are the key aspects of HealthViewX Care Management Solution.

  • Care plans to enable remote care – A provider can create a care plan for a patient depending on the vitals, treatments, measurements, etc that need to be tracked. The patient-centric application helps in logging data for the vitals specified in the care plan. If needed the care plan can also be printed.
  • Customizable dashboards to suit the need – Dashboards comprising of graphs and tables show a comprehensive data of the number of patients in different care plans depending on the patient diagnosis.
  • Scheduler to keep track of the appointments – An inbuilt scheduler keeps track of the appointments and sends timely reminders to both the patient and the provider. The chances of missing out an appointment are very less.
  • Audio and video calling features – HealthViewX Care Management solution support inbuilt audio and video calling features which help in connecting with the patients for follow-ups.
  • Patient-reported data – Patients can record data for all attributes in the care plan. Summary graphs and table data helps the providers in monitoring the patient vitals. The patient records can be anytime printed in pdf or excel report form. 
  • Health device integration – HealthViewX Care Management solution can integrate with any wearable device like Fitbit, apple watch, etc. Hence the patients need not waste time in logging data in the application if they are already using wearables.

HealthViewX Care Management Solution provides real-time communication between the patients and the providers thus enhancing the relationship between them. Schedule a demo with us to know HealthViewX HIPAA compliant Care Management solution better.

Why is Documenting A Medical Referral Not Easy For A Community Clinic?

How does referral works in a Community Clinic?

Community Health Centers (CHCs) are private, non-profit organizations that directly or indirectly (through contracts and cooperative agreements) provide primary health services and related services to residents of a defined geographic area that is medically underserved. CHCs are high referral outbound centers, who send out a number of referrals in a day. A Community  Health System has many PCPs who attend to numerous patients with different health problems. The PCP initiates referrals when the patient needs an additional diagnosis from an imaging center or a specialist practice. The following are the steps through which a referral flows,

  1. Referral Initiation – The referring provider gives the details of the patient and diagnosis to the central referral coordinating team. A referral coordinator will study the demographics of the patient and the diagnosis required.
  2. Insurance Pre-authorization – If the patient has an insurance coverage, the referral coordinator will validate the same. This step is required to find out which imaging center or specialist practice will cover the medical expenses.
  3. Finding the right provider – Depending on the treatment required, insurance coverage, patient’s convenience, the referral coordinator will narrow down the search and find the right receiving provider for the referral.
  4. Sending out the referral – After finding the right provider, patient information and the diagnosis details are shared while referring. The physicians can share the information via phone, fax, email, etc depending on the source that suits the receiving provider.

Medical referral history documentation

Referral history gives details of what has happened with the referral till date. The referral history is equally important to both the referring and receiving providers. Unfortunately, the receiving provider maintains this history through paper-based forms or EHR and it is not easily accessible to the referring provider. Documenting a medical referral is quite a challenge for the provider who initiates the referral. So what factors make it so tedious and challenging?

  • Physicians get busy – After the referral is initiated, the referring provider gets busy with other appointments and forgets about the referral until the receiving provider gives updates. Not to forget the receiving provider is also a specialist or from an imaging center who will also be busy. The receiving provider or the patient fails to communicate with the referring provider regarding the progress of the referral which makes it difficult to document the referral.
  • Lack of effective modes of communication – There is no effective platform to share patient’s sensitive data or communicate with the referring or receiving provider. The physicians are not available over calls or messages which makes the situation worse. There is a need for a standard HIPAA compliant application that the referring and receiving providers can use to share information which helps in referral documentation.
  • Manual effort making the referral process tedious – The referral process has manual intervention at every stage. This frustrates the providers and the referral coordinating team. Giving timely updates to the referring provider regarding a referral is too much of effort for the receiving provider. Documenting the referral manually becomes a challenge.

Why document a medical referral?

  • Patient’s need – The patient may come to the clinic at any time looking for the medical history of the referral. At that point, the clinic should be able to give the patient the medical referral history. So documenting a referral becomes a necessary process.
  • Clinic’s records for future reference – It is important for a Community Neighbourhood Health Center to maintain a history of its patient’s demographics and referral records. If the patient comes back to the clinic with an illness, these records will help in understanding the patient better and giving the best treatment the patient needs.
  • Direct future referrals – A history of medical referral records will help the physician in figuring out who responds quickly and who does not. The next time the physician sends out a referral, he/she will choose the most responsive and the most suitable receiving provider for the referral.

Information Technology to aid Community Health Systems

Information Technology is transforming healthcare to a great extent. Documenting a medical referral is easy for a healthcare based software application like HealthViewX. HealthViewX Patient Referral Management solution simplifies the referral process by the following steps,

  1. Referral Initiation – The patient demographics and diagnosis required are already in the application. The referral coordinator can create the referral through a simple three step form which includes insurance pre-authorization, finding the appropriate receiving provider with the help of  “smart search”, etc. The receiving provider is notified of the referral.
  2. Referral status and timeline view – With the status, a referral is tagged to, the referring provider can get to know in what stage the referral is. A timeline view shows a history of stages through which the referral has progressed.
  3. Referral and timeline view reports – The timeline view and the referral analytics data can be generated as a report in any form chosen.
  4. Referral closure and feedback – If the referral is completed, the status can be changed to closed. A feedback form is generated for the patient and the receiving provider. This can help the referring provider in making the referral process better next time.

HealthViewX Patient Referral Management solution smoothes out the referral process and reduces the burden of the referring and the receiving ends. Do you want to know more about HealthViewX Patient Referral Management solution? Schedule a demo with us.

Community Clinics Missing Out On The Progress Of A Referral – Know More!

What are Community Health Centers and what they do?

Community Health Center (CHC) in the United States is a non-profit entity comprising of clinical care providers, that operate at comprehensive federal standards. The care providers in CHC are a part of the country’s health care safety net, which is defined as a group of health centers, hospitals, and providers who are willing to provide services to the nation’s needy crowd, thus ensuring that comprehensive care is available to all, regardless of income or insurance status. CHC is a dominant model for providing integrated primary care and public health services to low-income and underserved population. There are two types of CHCs, one receives federal funding under Section 330 of Public Health Service Act and the other meets all requirements applicable to federally funded health centers and is supported through state and local grants. To receive federal funding, CHCs must meet the following requirements.

  • Be located in a federally designated medically underserved area (MUA) or serve medically underserved populations (MUP)
  • Provide comprehensive primary care
  • Adjust charges for health services on a sliding fee schedule according to patient income
  • Be governed by a community board of which a majority of members are patients at the CHC

Patient Referral Program in a Community Health Center

Community Health Centers constitute Primary Care Providers (PCP) who serve the underserved population. CHCs are high outbound referral setups i.e they send out numerous referrals. A patient visits the clinic when he/she is suffering from an illness. Depending on the severity, the physician might refer the patient to an imaging center for further diagnosis or to a specialist practice for advanced treatments.

Any Community Health Center will have a dedicated referral coordination team to send out referrals and take care of the community care coordination program. With the help of the patient demographics and diagnosis details available, the referral coordinator will go about doing the insurance preauthorization and finding the right imaging center or specialty practice for the patient. After that, the coordinator will create a referral that includes the details of patient demographics and the required diagnosis. Then the referral is sent to the relevant imaging center or specialty practice.

Challenges faced

The referral creation involves tedious manual work due to the following reasons.

  • Finding the right specialist/imaging center – The number of imaging centers and specialist practices is increasing day-by-day. It takes a lot of time and effort for the referral coordinator to narrow down the referral coordinator’s search and find the right one.
  • Time Spent – As the referrals are handled manually, a referring coordinator spends about half-an-hour to one-hour for a creating referral on an average and even more time in following up the same.
  • No Updates –  After a referral is sent, both the referring and the receiving providers get busy. It is not possible for both of them to be updated on the referral progress. So the specialist/imaging center and the patient fail to update the clinic on the progress of the referral. This results in open referral loops.

Why are referral updates important to a clinic?

  1. The patient’s well being – Any physician would always want to check on his/her patients’ health. So it is essential for a provider to want to know if the receiving provider accepted the referral, scheduled an appointment with the patient, the patient recovery status, or how severe is the illness, etc.
  2. Referral loop closure– Open referrals are a result of the referring provider not getting to know the referral’s progress. The ultimate aim of a referral process is to give the patient better treatment. Closing a referral loop is very important because it indirectly proves that the patient was taken care of.
  3. Data AnalyticsPCPs require concrete data of how many referrals were converted to an appointment by a specialty care or an imaging center. It will help in analyzing who responds quickly and to whom the PCP can direct future referrals.
  4. Referring to the right person – Depending on the progress of the referral and the patient’s feedback, the physician can get to know how good or bad the referral process has been. This will help the physician in knowing to whom he can refer and to whom he should not.
  5. Schedule follow-up appointments – After the referral is done, the physician has to schedule an appointment for the patient. For eg: If the physician is referring his patient to an imaging for X-ray, the physician must be notified once the test is done so that he can schedule an appointment and give treatment to his patient depending on the results. Structured appointments scheduled in a well-managed referral system is a constant source of new patient revenue.

Be updated about referrals with the HealthViewX solution

The major problem with a Community Clinic not getting updates is that everything is manual. A software solution can solve this problem quite easily. HealthViewX Patient Referral Management solution enables creating a referral in three simple steps thus providing a successful referral program. After the referral is created, it can be tracked with help of the status. Both the referring and receiving providers will be notified of the appointments, test results, treatment recommendations, etc. The system can integrate with EMR/EHR and can also coordinate between the referring and the receiving sides. Any referral has a timeline view which is common to both the receiving and the referring providers. In the timeline view, history of the referral can be seen for eg: notes related to the patient’s health, previous status of the referral, etc. Documents attachment and status change can also be done at any time of the referral process. HealthViewX Patient Referral Management solution can always keep you updated on the progress of the referral thus simplifying the referral process and helps in closing the referral loop.

HealthViewX Patient Referral Management solution helps the referring provider to track the referral progress. Schedule a demo with us and our patient referral management experts will guide you through our HIPAA compliant solution.

HIPAA Compliant Cloud Storage

What does HIPAA stand for?

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. It was formed in 1996 and, among other things, protects patient health information.

Who has to comply with HIPAA?

HIPAA applies to two groups:

  1. Covered Entities: Covered entities are defined in the HIPAA rules as  
    • Health Plans
    • Health Care Clearinghouses
    • Health Care Providers, who electronically transmit any health information in connection with transactions for which HHS has adopted standards.
  2. Business Associates: A business associate is a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involves access by the business associate to protected health information. It includes CPA, Attorney, Laboratories, IT Providers, Billing and Coding Services.

For detailed information, please visit the Health & Human Services (HHS) website.

HIPAA violations  

HIPAA violations are expensive. Based on the level of negligence, the penalty for non-compliance can range from $100 to $50,000 per violation, with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time.

Does HIPAA apply to Cloud Storage?

Yes, it does. When PHI is stored on behalf of the healthcare organization the cloud service becomes a business associate and thus must be HIPAA compliant. The law protects privacy, integrity, and accessibility. The Security Rule, which addresses electronic PHI, includes physical and technical safeguards such as audit controls and access controls. It also administrative safeguards such as data backups and security incident procedures.

Healthcare Industry – The Prime Target

The healthcare industry is one of the primary targets for cybercriminals. Stats reveal that a total of 113.2 million healthcare related records were stolen in 2015. Recent studies also say that healthcare has been the industry with the highest number of data breaches. And this stolen data could be  used by the cyber attackers for many fraudulent activities such as stealing identities, procuring drugs, for filing fraudulent claims, pursuing treatment using another identity, etc. and these criminals even sell the patient records for anywhere between 1-5 dollars per record and complete set of medical records for more than $1000 on the darknet. The healthcare industry attracts the security hackers because medical records are lucrative to sell and are easy to hack.

Medical identity theft is increasing at an alarming rate. But the healthcare industry still lags in terms of preparedness when comes to implementing security protocols. So far in 2017, 79 security breaches, each affecting at least 500 patients, have been reported to the U.S. Health & Human Services Department. And this hacking trend is likely to stay or even increase over the coming years. Medical records contain lots of information about the patient like their full name, address, insurance details, social security number, diagnosis details, driver’s license, credit card numbers and a lot more. This information from the medical records can be used for fraudulent billing, prescriptions, etc. By hacking these information cybercriminals make a significant amount of money. According to NBC News, complete health records are going for $60 each.

Steps to be taken by the healthcare industry to prevent data breach:

         Plan sufficient budget for security purposes to curtail or minimize data breach

         Choose the right technology solution to protect patient health data

         Adopt latest technologies to mitigate data breach

         Most of all, ensure the solution you choose is HIPAA compliant

         HIPAA Education for employees – Make sure all employees know what personal health information can and cannot be shared with patients, caregivers and outsiders

         Ensure IT secures the devices it issues employees

         Get rid of the paper records once it is scanned and imported into your EHR

         Encrypt data and also hardware

         Take Identity and Access Management seriously, provide individual specific access to patient health records.

Cyber threats are increasing at an alarming rate. The healthcare industry is the prime pick needs to make smarter decisions to operate their business. The healthcare providers need to have a clear understanding of how industry regulations impact cloud adoption and what has to be looked into while choosing a cloud storage service provider. A cloud storage service becomes a business associate if they store Protected Health Information (PHI) on behalf of any healthcare organization. Also, cloud service providers need to sign a business associate agreement with the healthcare organization that specifies the vendor’s compliance with HIPAA requirements. As a basic step, healthcare providers should ensure that the PHI is encrypted in the cloud. And make certain that the policies, technology, and processes required are in place to eliminate risks.

According to the U.S. Department of Health and Human Services, a HIPAA compliant cloud service provider should have certain administrative, physical and technical safeguards to host your data. Here’s below in detail of what constitutes a HIPAA compliant data center.

Physical Protection: It includes limited facility access and control with authorized access in place. All the covered entities or companies that must be HIPAA compliant must have policies about use and access to workstations and electronic media. This includes transferring, sharing, removing and disposing of any electronic protected health information (ePHI).

Technical Protection: This requires access or control to only those who are authorized to access electronic protected health information. It includes unique user ID’s, user-specific access, emergency access procedure, automatic log off, encryption and decryption. Audit reports and tracking logs should be implemented to help track any security violation.

Technical Policies and Procedures: This should cover integrity controls and also ensure the ePHI is not altered or destroyed. It should also ensure any IT disaster recovery and offsite backup are key to ensure any electronic media errors can be resolved and patient health information can be recovered intact.

Network Security: This requires HIPAA compliant host to protect against any unauthorized public access of ePHI.

On February 17, 2009, a supplement act called The Health Information Technology for Economic and Clinical Health (HITECH) Act was passed, an act which the enforcement of HIPAA requirements by raising the penalties of health organizations that violate HIPAA Privacy and Security Rules. The HITECH Act addresses the privacy and security concerns associated with electronic transmission of health information.

Patient health records are full of personal information and are a prized target for cybercriminals. Hence it is essential to protect the patient data. The HealthViewX Solutions keep patient data safe and secure with HIPAA Compliant cloud storage and ensure complete security to protect sensitive data.

How Not to Share Patient Information For Referral

The medical referral process is an important part of ambulatory care in the US. Medical referrals have a direct connection to patient health outcome and the provider’s revenue flow. Patient-specific information and the need to keep it safe is even more important.
To protect patient information from falling into the wrong hands, healthcare providers use various procedures and processes to ensure maximum security but when it comes to referral workflow there are no standard procedures nor any secure technology to ensure information safety.

Gigabytes of patient records are compromised each year because providers do not have processes, the required technology or is unaware of HIPAA regulations. Here is how not to share patient information during referral.

Email Is Not What You Think It Is:

Many providers rely on emails to send and receive patient information instantly. Emails are easy and a lot faster than faxes but the problem with emails is that the files sent through with emails are generally un-encrypted when transmitted or when saved leaving patient information sensitive to theft. Using emails to share patient-related data is against HIPAA compliant and according to HIPAA, the provider is held responsible for any breach.

Beware Of Faxes:

Faxes are the most common format to send and receive patient information between practices. Regular faxes are affected by the problem of encryption; since these files are not encrypted, this information could be accessed by an individual with access to phone lines and basic knowledge of the system. Faxes are slow and time-consuming and do not support all type of file formats. Received faxes are usually kept in the machine for some time exposing patient information to unauthorized people. Faxes leave a paper trail of patient information which will practically result in making EMR/EHR systems useless.

Triplicate Form:

Although triplicate forms sound straightforward, practically triplicate forms transfer the process of referring a patient from provider to patient or patient’s skin. The patient is left with the challenge of coordinating between physician offices – calling referral coordinators, faxing files to specialists’ office. Often a patient will have to request an appointment with multiple specialists which means sending sensitive patient information to specialists office who may not be taking care of the patient at all.

Sharing patient information is crucial in the medical referral process, but the systems that the healthcare providers use are incompetent to do a fast transfer of patient file and transfer it securely to authorized providers.
Hospitals need to establish clear-cut procedures in case of sharing patient information. Such a procedure should be able to track the flow of patient data and establish standard norms and practices to minimize the possibilities of compromising data.

Accidental Violation of HIPAA Compliance

Patient information secrecy is of utmost importance for any healthcare organization and medical professionals due to the risk of being compromised, exposed or accessed. With initiatives and innovation in healthcare IT space by various federal agencies (particularly CMS) and health care providers throughout the country over the years, have embraced healthcare IT innovations to secure healthcare data.

Most providers even today use conventional processes to send and receive medical referrals which could lead to an accidental violation of HIPAA (Health Insurance Portability and Accountability Act of 1996) rules which sets the standards to the use and share of patient-related information to ensure security.

In best practices, referrals are managed by referral coordinators who are in charge of sharing patient information, setting appointments and ensuring closure of the referral loop. The referral coordinator and other staff may be committing HIPAA violations in the following manner:

1. Triplicate Forms– Commonly, medical referrals are conducted using triplicate forms and it contains patient identification information. Such forms are circulated to the Specialists’ office and a copy is kept at the PCP’s office.

2. Patient Information Faxing– Hospitals and clinics relay a lot on faxing. Patient information for referrals are sent via faxes and it is not uncommon for providers to misplace such documents.

3. Use of Personal Portals and Storing Devices– For the ease of communication healthcare providers and referral coordinators repeatedly make use of their personal communication devices or portals like emails, cell phones etc.

According to HIPAA, all those above scenarios fall under the category of accidental violation of HIPAA regulations and such violators are subject to a penalty ranging from $100 dollars to $50,000 per violation depending on how the violation is categorized as.

It is not rare for providers to find themselves in these circumstances like many have in the recent past. Some due to negligence don’t comply with HIPAA regulations and on the other side of the spectrum for criminal activities involving staff misuse. Providers could take immediate actions against this issue and cut their risk in half.

a. Educating your staff on the threat to patient information, HIPAA violation and penalties involved.
b. Establishing standard procedures for staff to follow while dealing with medical referrals.
c. Likewise establishing security infrastructure to secure health data in hospital servers and cloud.

In the long run, these measures will not be enough. These methods do not have the capacity to manage large numbers of medical referrals and providers cannot divert much of their resources to maintain an IT team when there is always a shortage of helping hands.

Healthcare providers need to move away from paper triplicate forms and fax machines and embrace Referral Management Solution.

HealthViewX Referral Management Solution is a comprehensive, multi-channel solution that is secure as it is functional.