The murky waters of the HIPAA security rule

Laura Rose Lambert Electronic records, TWH blog 1 Comment

I apologize for the long delay in this article. This has been a good lesson in my limits of sifting through legalese and ability to produce something coherent from it. I think I’ll be avoiding this type of research in the future and instead focus on finding reliable resources to interpret this aspect of medical practice. This is a long one, so I urge you to grab some tea or another favorite beverage and take a break if you feel your attention wondering. To facilitate returning to where you left reading, I have divided the article into four pages. Many shades of gray The Health Insurance Portability and Accountability Act (HIPAA) is not a black and white document; it is very gray and constantly shifting with every new medical practice and technology. It will be a long time before I delve into these murky waters again. For resources to help you navigate HIPAA please use the links throughout this article and the list at the end. Disclaimer: I am not an attorney. I am not liable for any content, errors or omissions or inaccuracies. I cannot make any guarantees about the content. Please, please get legal services when you need them, they are the experts!  Using cellphones, tablets and computers or services such as online scheduling or insurance billing is common place in many of our medical practices. While most of us have a clear understanding of how to handle patient’s physical charts and personal information according to HIPAA law, the integration of technology has increasingly confused how we treat patient information. With changes as recent as January 2013, rumors abound about the proper use of health information and technology. After weeks of reading the source text for HIPAA, I struggled with concisely describing the expectations of the Privacy and Security rules of HIPAA. So many ‘experts’ interpret the law into a series of you have to or you must. Yes, there are aspects of HIPAA that require action but from my reading of it is more flexible and forgiving. A Portland, Oregon tech resource I recently found put it in a way I think we can all understand. HIPAA never allows or disallows anything. HIPAA asks you to balance risks and cost, reduce risks to reasonable levels and comply with certain security standards. – Roy Huggins (Person Centered Tech) Please keep in mind that there are no clear and fast answers …

Color coded medical files

The story of electronic health records and why holistic practitioners should care

Laura Rose Lambert Electronic records, TWH blog 1 Comment

After several years of hearing so many conflicting ideas about going paperless and electronic medical records, I decided to explore the topic for myself. For those who pursue a paperless system regardless of the legal requirements the options are endless. I hope to help focus your research. Feel free to contact me with any questions. In the coming weeks I hope to answer all your questions about electronic medical records, the legal standards that govern them, how patient privacy affects your use of technology and finally the software and hardware involved. For many of you the answers I offer in this first week will decide if you convert to a paperless system. Disclaimer: I am not an attorney. I am not liable for any content, errors or omissions or inaccuracies. I cannot make any guarantees about the content. Please, please get legal services when you need them, they are the experts!  Electronic record terminology First I’d like to clarify two terms that I often see used interchangeably when they are separate concepts. Electronic medical records (EMR) are tied to an individual provider, it has exactly what the paper chart in our offices does, but is digital. On the other hand an electronic health record (EHR) has a wider umbrella. An electronic health record centers on the patient, it follows them from provider to provider, eases communication between providers and creates an overall picture of the patient’s health. Am I legally required to adopt electronic records in my clinic? No. Surprised? Me too. Nearly every practitioner I’ve talked to recently believed this is something all heath care providers had to implement OR that acupuncturists are exempt from the “requirement.” This, of course, is not a simple no. While I found several secondary sources[ref]J Lynn. (2011, Jan. 13). 2014 EHR mandate. Retrieved from http://www.emrandhipaa.com/emr-and-hipaa/2011/01/13/2014-ehr-mandate/[/ref][ref]Rosen, T. (2010, Winter). Payments (and Penalties) for Electronic Health Records. Mid-Atlantic Health Law TOPICS. Retrieved from http://www.gfrlaw.com/pubs/GordonPubDetail.aspx?xpST=PubDetail&pub=836.[/ref] that spoke of this I went right to the source. There are several laws involved. The first comes from the American Recovery Act of 2009. Also known as Public Law 111-5, title XIII and title IV are commonly called the Health Information Technology for Economic and Clinical Health (HITECH) Act (PDF). The other federal law that addresses electronic records is the Affordable Care Act  (ACA) of 2010 (PDF) (click on the links for full text). After reading the HITECH Act and thoughtfully searching the ACA (it’s …