Remember the P in HIPAA: Portability – Recap and Highlights

HIPAA, the Health Insurance and Portability Act of 1996, is a far-reaching legislation capable of affecting the practices of the whole health sector. It aims to ensure that patients are able to access and verify their own medical records, and are notified of how their personal information, once shared or sent to some other entity, is used. The regulations stipulated in HIPAA can be segmented into 5 main components: The Privacy Rule (limiting the use and disclosure of protected health information (PHI)), the Security Rule (stipulating how PHI should be stored, accessed, transmitted, and audited to ensure the utmost protection), the Transactions Rule (stipulating conditions for any administrative transactions), the Identifiers Rule (promoting security, efficiency and consistency with respect to transactions by using three different identifiers), the Enforcement Rule (stipulating civil money penalty), and the HITECH Act  (incentivizing hospitals and physicians to turn to electronic health records (EHRs)). The Implementation of the above regulations serves to achieve HIPAA’s goal for secure accessibility of patient records. 

The Omnibus Ruling and Security

The more recent component, the Omnibus Ruling set in 2013, puts the focus of HIPAA on accountability. It more clearly states the extent of responsibility of all parties involved whether covered entities, providers, payers, or business associates in order to reduce the possibility of compromised patient data. This ruling has caused widespread concern associated with the large penalties of being non-compliant, placing the emphasis of the act on ensuring secure information and reducing liability.  

The Portability Component

However, it is essential to not let the concept of accountability overwhelm the idea of HIPAA at its core. The P in HIPAA represents the driving force behind the original act. This P component, “portability,” comes from the fundamental need to share patient health information between physician and physicians, specialists, researchers, insurers, and financial managers.  A medical environment, conducive to efficient, collaborative, and successful medical practice as well as having the capacity to function as a business necessitates such information sharing practices. A balance between portability and accountability must be maintained within the HIPAA compliant structure. 

The HITECH Act, Electronic Medical Records, File Transfers

Under the HITECH act, the transition to Electronic Medical Records (EMR) and online information sharing solutions has the potential to foster this balance more efficiently. With the rise of EMRs, the use of regular faxing systems, the most common method of sending patient records, is becoming obsolete as it decreases efficiency and security of file transfers. The Electronic nature of the records is rendered less useful as records would still have to be printed and faxed via fax machine, increasing the potential for unnecessary breaches such as protected documents being left on a fax queue, not being destroyed, or lacking appropriate audit trails without a document sharing policy.

Hosted Online Faxing Solutions and Security

Online faxing and cloud-based services have become increasingly more popular methods of solving the information transfer problem due to their efficiency, usability, and security. Unlike emails, which lack security, and unlike original fax machines, which involve typing in phone numbers with loose paper lying around, online faxing servers combine analog security and an easy user interface. Instead of printing the EMRs to send them to another entity, the EMRs can automatically be sent, without loose paper or potential to dial a number incorrectly, using an online hosted fax server.

Hosted Online Faxing Solutions and Portability

Beyond the compliancy benefits, fax servers enable portability on a larger scale.  Using Cloud faxing, Healthcare professionals can securely share electronic records with other specialists in an efficient and user-friendly Health Information Exchange (HIE). Cloud services also offer cost savings, lower infrastructure overhead, and reliability. In the midst of the central question of whether or not you are compliant, it is still essential to take the time to explore whether your information is sufficiently portable. The system security and transit efficiency of your medical records should be evaluated to ensure that the shift to electronic and compliant system aligns with all aspects of HIPAA.