The Healthcare industry is known for its wide array of regulatory requirements that protect patient privacy and ensure safety. As discussed in our last blog
, organizations such as Healthcare can greatly benefit from interaction storage procedures to expedite and automate the extensive reporting requirements. Healthcare compliance audits are numerous and varied.
Examples are HIPAA Privacy and Security Audits
which fall under the provisions of the HITECH Act
, CMS audits
which scrutinize the documentation of supporting claims by Eligible Providers and hospitals for Meaningful Use Incentive payments, and OIG
which examines medical records to identify any billing fraud or abuse of physician providers who use “auto-generated data”.
These audits require storage and retrieval of data from many sources including patient medical records, call center interactions, EMS, and other data that can support the audit requirements.
HIPAA audits are thorough, and no providers are exempt. Providers must be in compliance with the HIPAA Privacy and Security Rules
The original HIPAA regulations were issued in 2000 and laid the foundation for a set of national requirements to safeguard:
- Availability to individually identify health information
Since 2000, HIPAA regulations have been modified and expanded, most recently to cover ePHI (protected health information maintained and transmitted electronically), and to specify requirements for notifying patients in the event of an unauthorized disclosure or breach of security.
Healthcare organizations and medical practices concerned with HIPAA Compliance now face a lengthy list of requirements. Just a few of these include:
Meaningful Use Attestation Audits
- Informing patients about privacy practices
- Securing patient medical records - both paper and electronic
- Conducting a risk assessment of the confidentiality, integrity, and availability of ePHI held by the organization
- Updating Business Associate Agreements with vendors and others to whom ePHI is disclosed
- Developing policies for breaches and notification to patients and to the media
The CMS EHR Incentive Program Audits are used to make incentive payments to providers who meet and attest to meeting Meaningful Use Objectives
. Providers can attest or certify in an online application that they meet all 15 of the Core Objectives, and at least 5 of 10 Menu Objectives. Most of the documentation are reports from the organization’s EHR system, or possibly internal audits conducted by a provider to establish they were meeting an objective.
Medical Record Audit
CMS and its Medicare Administrative Contractors (MACs) conduct audits of medical record documentation to determine if the documentation supports the services billed. These audits also consider “auto-generated data” produced as part of medical record documentation in EHR systems. MAC reviewers will ask for a sample of records to make sure that the data is not all auto-filled and represents a real patient.
With all these different audits and the cost of compliance growing, the use of interaction storage can increase the amount of data available for compliance reporting. Adding in analytics capabilities greatly increases the ability to sort and organize data, which is generated from interaction storage of media and metadata.
Triage Nurse Data
Data from Triage nurse stations
can also be used to retrieve information for reporting. A call center and triage nurse system that is digitally connected with medical providers, patients, and emergency responders in a multi-channel network allows close coordination between everyone. Utilizing Interaction capture with its metadata allows efficient retrieval of the entire event (e.g. bio monitor information, time of day, station, patient age, etc.) without spending time searching out supporting data.
This information can be used to show that patients are receiving proper care and that their privacy is being maintained.
Remote Monitoring Data
Report data can also be taken from remote health monitoring systems. These interactions can be anything from biometric data (e.g. a heart monitor of a patient at home) to a video conferencing session between a patient and provider. When both the data and metadata are collected, organized and properly stored, it can greatly help in proving the standard of care that is required for compliance audits.
About the Author - Tom Goodwin is the Vice President of Marketing at HigherGround. His background in telecommunications and data networking has been augmented with work in data analytics and automated reporting prior to joining HigherGround. Click here for more information on Tom and the rest of the HigherGround team!
HigherGround, Inc. provides best-in-class, reliable data capture and interaction storage solutions that enable clients to easily retrieve critical information. Our interaction recording and incident reconstruction solutions transform data into actionable intelligence, allowing optimization of operations, enhanced performance, and cost reduction.